
CN1650268A - Method and system for password protecting confidential content - Google Patents


Info

Publication number
CN1650268A
CN1650268A (also listed as CNA028025946A and CN02802594A)
Authority
CN
China
Prior art keywords
encrypted
content
encryption
computer
gpu
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CNA028025946A
Other languages
Chinese (zh)
Other versions
CN100595736C (en)
Inventor
鲍尔·英格兰
马库斯·佩纳多
尼古拉斯·P·维尔特
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Microsoft Technology Licensing LLC
Original Assignee
Microsoft Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Events:
    • Application filed by Microsoft Corp
    • Publication of CN1650268A
    • Application granted
    • Publication of CN100595736C
    • Anticipated expiration
    • Expired - Fee Related (current legal status)

Classifications

    • G: PHYSICS
    • G06: COMPUTING OR CALCULATING; COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70: Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/82: Protecting input, output or interconnection devices
    • G06F21/83: Protecting input, output or interconnection devices; input devices, e.g. keyboards, mice or controllers thereof
    • G: PHYSICS
    • G06: COMPUTING OR CALCULATING; COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/64: Protecting data integrity, e.g. using checksums, certificates or signatures
    • G: PHYSICS
    • G06: COMPUTING OR CALCULATING; COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70: Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78: Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer, to assure secure storage of data
    • G06F21/79: Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer, to assure secure storage of data in semiconductor storage media, e.g. directly-addressable memories

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • General Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Storage Device Security (AREA)
  • Two-Way Televisions, Distribution Of Moving Picture Or The Like (AREA)

Abstract

A method and system for cryptographically protecting secure content in conjunction with a graphics subsystem of a computing device is provided. Techniques are implemented to encrypt the contents of video memory so that unauthorized software cannot gain meaningful access to the contents, thereby maintaining confidentiality. Further, a tamper detection mechanism is provided so that when data is changed in some way, it is known, thereby maintaining integrity. In various embodiments, the contents of the overlay and/or command buffer are encrypted, and/or the GPU is able to process the encrypted content while preventing the encrypted content from being made available to untrusted parties, devices, or software.

Description

Method and system for cryptographically protecting secure content
Cross-reference to related applications
This application claims priority from U.S. provisional application Ser. No. 60/337,617, filed December 4, 2001, and Ser. No. 60/339,143, filed December 10, 2001, and is related to commonly assigned co-pending U.S. patent application Ser. No. 10/125,170, filed April 18, 2002.
Copyright notice and permission:
A portion of the disclosure of this patent document may contain material that is subject to copyright protection. The copyright owner has no objection to the facsimile reproduction by anyone of the patent document or the patent disclosure as it appears in the United States Patent and Trademark Office patent file or records, but otherwise reserves all copyright rights whatsoever. The following notice applies to this document: Copyright 2001, Microsoft Corp.
Technical field
The present invention relates to methods and systems for cryptographically protecting secure content. More particularly, it relates to techniques for cryptographically protecting content sent through a graphics pipeline that ensure both the confidentiality of the content and its protection against tampering.
Background
Today, the Internet and many other sources and applications provide a wide range of streaming and fixed media and other content to be listened to, viewed, processed, stored and otherwise rendered. At present, however, there is no practical copy-protected way to capture, record or render streaming or fixed media or content such that, while the content is being processed or rendered, a pirate cannot tap into the content stream at some point in the pipeline and obtain a copy of the content or alter it. This problem also existed for earlier media rendering and recording devices, such as the VCR for television content or the tape recorder for audio signals, but with at least one key difference. Because digital media can be recorded with no signal loss, copyright owners face the prospect of their works being freely shared (pirated) without compensation. With VCRs and tape recorders, the equipment and the transmission medium introduced noise or data degradation during recording. With streaming or fixed digital media there is no reason, at least relative to the limits of the human ear and eye, why a lossless conversion and retransmission cannot be achieved, and no reason why pure digital data cannot be preserved and freely distributed. Since there is thus little difference between the digital data a copyright owner sells and the digital data a pirate gives away, it is desirable to prevent the free redistribution of digital data. In addition, for communications that are meant to be confidential, such as e-commerce transactions, it is important to the participating users that no unauthorized third party secretly takes part in the transaction. Accordingly, there is at present no practical way to "securely" process or render data from a trusted source on a user's computer without the risk of piracy or corruption.
In particular, once content is carried through the pipeline in the host system, one or more graphics processing units (GPUs) and rendering devices such as a monitor, a pirate or other unauthorized third party has multiple opportunities to enter the pipeline or signal and to steal or corrupt the signal. Moreover, as messaging services and video conferencing make user dialogs more complex, providing a trusted pipeline for secure content originating anywhere becomes ever more important.
Furthermore, in contrast to today's personal computers (PCs), which draw most of their computing power from the CPU, the next several generations of operating systems, computing devices and applications will evidently be able to draw more computing power from the GPU for commercial applications. Ensuring the security of content sent to the GPU by a "trusted graphics" application is therefore an essential feature of future computing devices, and a problem that current computing systems do not adequately address.
The problem of providing a secure pipeline for trusted content can be viewed as having two aspects: (1) it must be guaranteed that no weak link in the pipeline allows the trusted content to be copied or inspected without permission (confidentiality), and (2) it must be guaranteed that the pipeline prevents unauthorized corruption of the data in the pipeline (protected, i.e. integrity). In terms of system security, complexity is an adverse condition because it makes the security of a system harder to prove. As with an airport or other port of entry, the more entrances and exits a system has, the harder it is to secure. In this respect there is currently no means by which most GPU functions and display drivers can be trusted with respect to both confidentiality and integrity. It is therefore desirable to implement a trusted graphics environment in connection with a computing device that receives content from a trusted source, so that it can be guaranteed that the content cannot be copied without permission from the user of the device, and that the content cannot be tampered with or altered by a third party.
Summary of the invention
In view of the foregoing, the invention provides a method and system for cryptographically protecting secure content in conjunction with the graphics subsystem of a computing device. Various techniques encrypt the contents of video memory so that unauthorized software cannot gain meaningful access to that content, satisfying the goal of confidentiality. In addition, a tamper-detection mechanism is provided so that it becomes known when data has been altered in some way, satisfying the goal of integrity. In various embodiments, the invention shows how to encrypt the contents of the overlay and/or the command buffer, and/or how to enable the GPU to process encrypted content while preventing untrusted parties, devices or software from obtaining the encrypted content.
Methods of the invention variously include techniques for cryptographically protecting secure content with a trusted graphics system having video memory, a graphics processing unit (GPU) and a cryptographic processor communicatively coupled to the GPU. The techniques include: an application or device requesting that the graphics system process or render secure content, where the request includes the application or device sending a session key to the graphics system, and the secure content being sent to an encrypted portion of video memory; the GPU, communicating with the cryptographic processor, decrypting the content of the encrypted portion of video memory; the GPU performing the processing or rendering on the decrypted content; and outputting the content from the GPU.
A similar method of the invention variously includes: an application or device requesting that the graphics system process or render secure content, where the request includes the application or device sending a session key to the graphics system for verification by the cryptographic processor; the secure content being sent to an encrypted portion of video memory; a decryption mechanism at the GPU's input decrypting the content of the encrypted portion of video memory, the decryption mechanism communicating with the cryptographic processor; the GPU performing the processing or rendering on the decrypted content; an encryption/decryption mechanism at the GPU's output encrypting the content; and the encrypted content being output from the GPU.
Additional features and embodiments of the invention are described below.
Brief description of the drawings
The method and system for cryptographically protecting secure content according to the invention are further described with reference to the accompanying drawings, in which:
Figure 1A is a block diagram representing an exemplary network environment having a variety of computing devices in which the present invention may be implemented;
Figure 1B is a block diagram representing an exemplary, non-limiting computing device in which the present invention may be implemented;
Fig. 2 is a flow diagram illustrating the unprotected portions of a graphics pipeline that are protected according to the invention;
Figs. 3A and 3B are block diagrams illustrating exemplary aspects of a first layer of confidentiality according to the invention;
Figs. 4A-4C are block diagrams illustrating exemplary aspects of a second layer of confidentiality according to the invention;
Figs. 5A-5B illustrate exemplary swizzling of AYUV/ARGB formats according to the invention;
Figs. 6A-6B illustrate exemplary swizzling of the YUY2 format according to the invention;
Figs. 7A-7B illustrate exemplary swizzling of packed planar formats according to the invention;
Figs. 8A and 8B are block diagrams illustrating exemplary aspects of a third layer of confidentiality according to the invention;
Figs. 9A and 9B are block diagrams illustrating exemplary encryption techniques that may be applied to the output of a graphics processing unit according to the invention.
Detailed description
Overview
The invention provides systems and techniques that extend the operating system, or other medium between content from a trusted source and the graphics system used to process and/or render that content, so as to realize "trusted graphics": for example, confidential dialogs that cannot be tampered with, and protection against unauthorized copying and playback of premium content. One way to view the invention is that it provides three "levels" of security: (1) encryption of the contents of the overlay surface; (2) enabling the GPU or other processing device to operate on encrypted content without the encrypted content becoming available to untrusted parties; and (3) enabling the command buffer to be encrypted.
As noted above, complexity is an adverse condition for system security, since it makes the security of a system harder to prove. The invention therefore begins by regarding most GPU functions and display drivers as untrusted. It then applies techniques that limit the scope of the hardware that must be implemented in order to meet the security standard, thereby increasing the chance of a correct implementation with respect to both confidentiality and integrity.
Some terms of the invention have been discussed above, but for clarity a few are now emphasized. The term "confidential" refers to preventing an untrusted third party, such as third-party hardware or software, from accessing trusted content. One example of such confidentiality is preventing an untrusted third party at any point along the graphics pipeline from accessing encrypted playback of premium content. The term "protected" refers to preventing an untrusted third party, such as third-party hardware or software, from accessing or altering trusted content without being detected. One example of such protection is preventing an untrusted third party from accessing or altering the display of a privileged communication, such as may occur during an e-commerce transaction.
In this regard, the invention contemplates overlay windows, such as a user interface positioned over a premium-content video stream, and windows presented during an e-commerce dialog that must not be spoofable.
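The session-key protocol of the summary above and the three "levels" of the overview (encrypted overlay, GPU processing of encrypted content, encrypted command buffer) can be modelled end to end in a few dozen lines. The following is an added example written for this page; it is not code from the patent or from Microsoft. Every name in it (`CryptoProcessor`, `VideoMemory`, `GPU`, `run_pipeline`, the `INVERT`/`COPY` commands) is an assumption chosen for illustration, the sample frame is constructed, and the SHA-256 counter keystream stands in for the block cipher a real cryptographic processor would use. The model shows the two properties the patent separates: an untrusted driver reading video memory sees only ciphertext (confidentiality), and a flipped bit in the encrypted region is detected before the GPU operates on the data (tamper detection).

```python
"""Toy model of a trusted-graphics pipeline: session key, encrypted overlay and
command buffer in video memory, GPU-side decryption through a crypto processor,
re-encrypted output, and tamper detection on every encrypted region."""
import hashlib
import hmac
import os
from dataclasses import dataclass

# Constructed sample content: a four-pixel RGBA overlay frame (not from the patent).
SAMPLE_FRAME = bytes([255, 0, 0, 255, 0, 255, 0, 255, 0, 0, 255, 255, 10, 20, 30, 255])
NONCE_LEN, TAG_LEN = 16, 32

def _subkey(session_key: bytes, label: bytes) -> bytes:
    """Derive separate encryption and MAC keys from the single session key."""
    return hashlib.sha256(label + session_key).digest()

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream from SHA-256; a stand-in for a real block cipher."""
    out, counter = bytearray(), 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])

def seal(session_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC; layout is nonce || ciphertext || tag."""
    nonce = os.urandom(NONCE_LEN)
    ks = _keystream(_subkey(session_key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(_subkey(session_key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def open_sealed(session_key: bytes, blob: bytes) -> bytes:
    """Verify the tag first (tamper detection), only then decrypt."""
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(_subkey(session_key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("tamper detected: integrity tag mismatch")
    ks = _keystream(_subkey(session_key, b"enc"), nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, ks))

@dataclass
class VideoMemory:
    """Untrusted software can read these regions, so they hold only ciphertext."""
    encrypted_overlay: bytes = b""
    encrypted_commands: bytes = b""

class CryptoProcessor:
    """Hypothetical crypto processor coupled to the GPU; the only holder of the key."""
    def __init__(self) -> None:
        self._session_key = None
    def accept_session_key(self, key: bytes) -> None:
        if len(key) != 32:                       # verification step from the summary
            raise ValueError("session key must be 32 bytes")
        self._session_key = key
    def decrypt(self, blob: bytes) -> bytes:
        return open_sealed(self._session_key, blob)
    def encrypt(self, data: bytes) -> bytes:
        return seal(self._session_key, data)

def invert_rgb(frame: bytes) -> bytes:
    """Example GPU operation: invert the colour channels, keep alpha."""
    out = bytearray(frame)
    for i in range(0, len(out), 4):
        out[i] ^= 0xFF; out[i + 1] ^= 0xFF; out[i + 2] ^= 0xFF
    return bytes(out)

OPERATIONS = {b"INVERT": invert_rgb, b"COPY": lambda f: f}   # assumed command set

class GPU:
    def __init__(self, vmem: VideoMemory, cp: CryptoProcessor) -> None:
        self.vmem, self.cp = vmem, cp
    def render_secure(self) -> bytes:
        """Decrypt command buffer and overlay, process, re-encrypt the output."""
        command = self.cp.decrypt(self.vmem.encrypted_commands)
        frame = self.cp.decrypt(self.vmem.encrypted_overlay)
        result = OPERATIONS[command](frame)      # plaintext exists only inside the GPU
        return self.cp.encrypt(result)

def run_pipeline(frame: bytes = SAMPLE_FRAME, command: bytes = b"INVERT", tamper: bool = False):
    """Return the rendered frame, or None if tampering was detected."""
    session_key = os.urandom(32)                 # generated by the application
    cp = CryptoProcessor()
    cp.accept_session_key(session_key)           # key sent to the graphics system
    vmem = VideoMemory(seal(session_key, frame), seal(session_key, command))
    if tamper:                                   # untrusted software flips one ciphertext bit
        corrupted = bytearray(vmem.encrypted_overlay)
        corrupted[NONCE_LEN] ^= 0x01
        vmem.encrypted_overlay = bytes(corrupted)
    try:
        encrypted_output = GPU(vmem, cp).render_secure()
    except ValueError:
        return None
    return open_sealed(session_key, encrypted_output)   # consumer holding the session key

def untrusted_view(frame: bytes = SAMPLE_FRAME) -> bytes:
    """What a driver without the session key observes when it reads the overlay region."""
    vmem = VideoMemory(seal(os.urandom(32), frame))
    return vmem.encrypted_overlay[NONCE_LEN:-TAG_LEN]
```

The design choice worth noting is the order of operations in `open_sealed`: the tag is checked before any decryption, so a corrupted overlay or command buffer never reaches the GPU operation, which is what the patent's tamper-detection goal requires. A separate MAC key and a fresh nonce per `seal` call keep the encryption and integrity functions independent, even though both are driven by the one session key the application sends.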
Exemplary network environment
One of ordinary skill in the art can appreciate that a computer or other client or server device can be deployed as part of a computer network, or in a distributed computing environment. In this regard, the present invention pertains to any computer system having any number of memory or storage units, and any number of applications and processes occurring across any number of storage units or volumes, which may involve the trusted graphics approach of the present invention. The invention may apply to an environment with server computers and client computers deployed in a network environment or distributed computing environment, having remote or local storage. The invention may also apply to standalone computing devices having programming language functionality, interpretation and execution capabilities for generating, receiving and transmitting information in connection with remote or local services.
Distributed computing facilitates the sharing of computer resources and services by direct exchange between computing devices and systems. These resources and services include the exchange of information, cache storage, and disk storage for files. Distributed computing takes advantage of network connectivity, allowing clients to leverage their collective power to benefit the entire enterprise. In this regard, a variety of devices may have applications, objects or resources that interact so as to implicate the trusted graphics pipeline of the invention.
Figure 1A provides a schematic diagram of an exemplary networked or distributed computing environment. The distributed computing environment comprises computing objects 10a, 10b, etc. and computing objects or devices 110a, 110b, 110c, etc. These objects may comprise programs, methods, data stores, programmable logic, etc. The objects may comprise portions of the same or different devices such as PDAs, televisions, MP3 players, personal computers, etc. Each object can communicate with another object by way of the communications network 14. This network may itself comprise other computing objects and computing devices that provide services to the system of Figure 1A. In accordance with an aspect of the invention, each object 10 or 110 may contain an application that might request trusted graphics resources.
It can also be appreciated that an object, such as 110c, may be hosted on another computing device 10 or 110. Thus, although the physical environment depicted may show the connected devices as computers, such illustration is merely exemplary, and the physical environment may alternatively be depicted or described as comprising various digital devices such as PDAs, televisions, MP3 players, etc., and software objects such as interfaces, COM objects and the like.
There are a variety of systems, components and network configurations that support distributed computing environments. For example, computing systems may be connected together by wired or wireless systems, by local networks or by widely distributed networks. Currently, many networks are coupled to the Internet, which provides the infrastructure for widely distributed computing and encompasses many different networks.
In home networking environments, there are at least four disparate network transport media that may each support a unique protocol, such as power line, data (both wireless and wired), voice (e.g., telephone) and entertainment media. Most home control devices such as light switches and appliances may use the power line for connectivity. Data services may enter the home as broadband (e.g., either DSL or cable modem) and are accessible within the home using either wireless (e.g., HomeRF or 802.11b) or wired (e.g., Home PNA, Cat 5, even power line) connectivity. Voice traffic may enter the home either as wired (e.g., Cat 3) or wireless (e.g., cell phones) and may be distributed within the home using Cat 3 wiring. Entertainment media may enter the home either through satellite or cable and is typically distributed in the home using coaxial cable. IEEE 1394 and DVI are also emerging as digital interconnects for clusters of media devices. All of these network environments, and others that may emerge as protocol standards, may be interconnected to form an intranet that may be connected to the outside world by way of the Internet. In short, a variety of disparate sources exist for the storage and transmission of data, and computing devices will need ways of protecting content at all portions of the data processing pipeline.
The Internet commonly refers to the collection of networks and gateways that utilize the TCP/IP suite of protocols, which are well known in the art of computer networking. TCP/IP is an acronym for "Transmission Control Protocol/Internet Protocol." The Internet can be described as a system of geographically distributed remote computer networks interconnected by computers executing networking protocols that allow users to interact and share information over the networks. Because of such widespread information sharing, remote networks such as the Internet have thus far generally evolved into an open system for which developers can design software applications for performing specialized operations or services, essentially without restriction.
Thus, the network infrastructure enables a host of network topologies such as client/server, peer-to-peer, or hybrid architectures. The "client" is a member of a class or group that uses the services of another class or group to which it is not related. Thus, in computing, a client is a process, i.e., roughly a set of instructions or tasks, that requests a service provided by another program. The client process utilizes the requested service without having to "know" any working details about the other program or the service itself. In a client/server architecture, particularly a networked system, a client is usually a computer that accesses shared network resources provided by another computer, e.g., a server. In the example of Figure 1A, computers 110a, 110b, etc. can be thought of as clients and computers 10a, 10b, etc. can be thought of as servers, where servers 10a, 10b, etc. maintain the data that is then replicated in the client computers 110a, 110b, etc.
A server is typically a remote computer system accessible over a remote network such as the Internet. The client process may be active in a first computer system and the server process may be active in a second computer system, communicating with one another over a communications medium, thus providing distributed functionality and allowing multiple clients to take advantage of the information-gathering capabilities of the server.
Client and server communicate with one another utilizing the functionality provided by a protocol layer. For example, Hypertext Transfer Protocol (HTTP) is a common protocol that is used in conjunction with the World Wide Web (WWW). Typically, a computer network address such as a Uniform Resource Locator (URL) or an Internet Protocol (IP) address is used to identify the server or client computers to each other. The network address can be referred to as a URL address. For example, communication can be provided over a communications medium. In particular, the client and server may be coupled to one another via TCP/IP connections for high-capacity communication.
Thus, Figure 1A illustrates an exemplary networked or distributed environment, with servers in communication with client computers via a network/bus, in which the present invention may be employed. In more detail, a number of servers 10a, 10b, etc. are interconnected via a communications network/bus 14, which may be a LAN, WAN, intranet, the Internet, etc., with a number of client or remote computing devices 110a, 110b, 110c, 110d, 110e, etc., such as a portable computer, handheld computer, thin client, networked appliance, or other device such as a VCR, TV, oven, light, heater and the like, in accordance with the present invention. It is thus contemplated that the present invention may apply to any computing device in connection with which it is desirable to process, store or render secure content from a trusted source.
In a network environment in which the communications network/bus 14 is the Internet, for example, the servers 10 can be Web servers with which the clients 110a, 110b, 110c, 110d, 110e, etc. communicate via any of a number of known protocols such as HTTP.
Servers 10 may also serve as clients 110, as may be characteristic of a distributed computing environment. Communications may be wired or wireless, where appropriate. Client devices 110 may or may not communicate via the communications network/bus 14, and may have independent communications associated therewith. For example, in the case of a TV or VCR, there may or may not be a networked aspect to the control thereof. Each client computer 110 and server computer 10 may be equipped with various application program modules or objects 135 and with connections or access to various types of storage elements or objects, across which files may be stored or to which portions of files may be downloaded or migrated. Thus, the present invention can be utilized in a computer network environment having client computers 110a, 110b, etc. that can access and interact with a computer network/bus 14 and server computers 10a, 10b, etc. that may interact with client computers 110a, 110b, etc., other devices 111 and databases 20.
Exemplary computing device
Figure 1B and the following discussion are intended to provide a brief general description of a suitable computing environment in which the invention may be implemented. It should be understood, however, that handheld, portable and other computing devices and computing objects of all kinds are contemplated for use in connection with the present invention. While a general-purpose computer is described below, this is but one example, and the present invention may be implemented with a thin client having network/bus interoperability and interaction. Thus, the present invention may be implemented in an environment of networked hosted services in which very little or minimal client resources are implicated, e.g., a networked environment in which the client device serves merely as an interface to the network/bus, such as an object placed in an appliance. In essence, anywhere that data may be stored, or from which data may be retrieved or rendered, is a desirable or suitable environment for operation of the cryptographic protection of secure content of the invention.
Although not required, the invention can be implemented via an operating system, application programming interface (API), and/or included within application software that interfaces with trusted content. In various embodiments, the invention may also apply to hardware that conforms to the interfacing and encryption techniques described below. Software may be described in the general context of computer-executable instructions, such as program modules, being executed by one or more computers, such as client workstations, servers or other devices. Generally, program modules include routines, programs, objects, components, data structures and the like that perform particular tasks or implement particular abstract data types. Typically, the functionality of the program modules may be combined or distributed as desired in various embodiments. Moreover, those skilled in the art will appreciate that the invention may be practiced with other computer system configurations. Other well-known computing systems, environments and/or configurations that may be suitable for use with the invention include, but are not limited to, personal computers (PCs), automated teller machines, server computers, handheld or laptop devices, multi-processor systems, microprocessor-based systems, programmable consumer electronics, network PCs, appliances, lights, environmental control elements, minicomputers, mainframe computers and the like. The invention may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network/bus or other data transmission medium. In a distributed computing environment, program modules may be located in both local and remote computer storage media, including memory storage devices, and client nodes may in turn behave as server nodes.
Figure 1B thus illustrates an example of a suitable computing system environment 100 in which the invention may be implemented, although, as made clear above, the computing system environment 100 is only one example of a suitable computing environment and is not intended to suggest any limitation as to the scope of use or functionality of the invention. Neither should the computing environment 100 be interpreted as having any dependency or requirement relating to any one component, or combination of components, illustrated in the exemplary operating environment 100.
With reference to Figure 1B, an exemplary system for implementing the invention includes a general-purpose computing device in the form of a computer 110. Components of computer 110 may include, but are not limited to, a processing unit 120, a system memory 130, and a system bus 121 that couples various system components, including the system memory, to the processing unit 120. The system bus 121 may be any of several types of bus structures, including a memory bus or memory controller, a peripheral bus, and a local bus using any of a variety of bus architectures. By way of example, and not limitation, such architectures include the Industry Standard Architecture (ISA) bus, Micro Channel Architecture (MCA) bus, Enhanced ISA (EISA) bus, Video Electronics Standards Association (VESA) local bus, and Peripheral Component Interconnect (PCI) bus (also known as the Mezzanine bus).
Computer 110 typically includes a variety of computer-readable media. Computer-readable media can be any available media that can be accessed by computer 110 and includes both volatile and nonvolatile media, removable and non-removable media. By way of example, and not limitation, computer-readable media may comprise computer storage media and communication media. Computer storage media includes volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer-readable instructions, data structures, program modules or other data. Computer storage media includes, but is not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital versatile disks (DVD) or other optical disk storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can be accessed by computer 110. Communication media typically embodies computer-readable instructions, data structures, program modules or other data in a modulated data signal such as a carrier wave or other transport mechanism, and includes any information delivery media. The term "modulated data signal" means a signal that has one or more of its characteristics set or changed in such a manner as to encode information in the signal. By way of example, and not limitation, communication media includes wired media such as a wired network or direct-wired connection, and wireless media such as acoustic, RF, infrared and other wireless media. Combinations of any of the above should also be included within the scope of computer-readable media.
The system memory 130 includes computer storage media in the form of volatile and/or nonvolatile memory, such as read-only memory (ROM) 131 and random access memory (RAM) 132. A basic input/output system 133 (BIOS), containing the basic routines that help to transfer information between elements within computer 110, such as during start-up, is typically stored in ROM 131. RAM 132 typically contains data and/or program modules that are immediately accessible to and/or presently being operated on by processing unit 120. By way of example, and not limitation, Figure 1B illustrates operating system 134, application programs 135, other program modules 136 and program data 137.
The computer 110 may also include other removable/non-removable, volatile/nonvolatile computer storage media. By way of example only, Figure 1B illustrates a hard disk drive 141 that reads from or writes to non-removable, nonvolatile magnetic media, a magnetic disk drive 151 that reads from or writes to a removable, nonvolatile magnetic disk 152, and an optical disk drive 155 that reads from a removable, nonvolatile optical disk 156, such as a CD-ROM or other optical media. Other removable/non-removable, volatile/nonvolatile computer storage media that can be used in the exemplary operating environment include, but are not limited to, magnetic tape cassettes, flash memory cards, digital versatile disks, digital video tape, solid state RAM, solid state ROM and the like. The hard disk drive 141 is typically connected to the system bus 121 through a non-removable memory interface such as interface 140, and magnetic disk drive 151 and optical disk drive 155 are typically connected to the system bus 121 by a removable memory interface, such as interface 150.
The drives and their associated computer storage media discussed above and illustrated in Figure 1B provide storage of computer-readable instructions, data structures, program modules and other data for the computer 110. In Figure 1B, for example, hard disk drive 141 is illustrated as storing operating system 144, application programs 145, other program modules 146 and program data 147. Note that these components can either be the same as or different from operating system 134, application programs 135, other program modules 136 and program data 137. Operating system 144, application programs 145, other program modules 146 and program data 147 are given different numbers here to illustrate that, at a minimum, they are different copies. A user may enter commands and information into the computer 110 through input devices such as a keyboard 162 and a pointing device 161, commonly referred to as a mouse, trackball or touch pad. Other input devices (not shown) may include a microphone, joystick, game pad, satellite dish, scanner or the like. These and other input devices are often connected to the processing unit 120 through a user input interface 160 that is coupled to the system bus 121, but may be connected by other interface and bus structures, such as a parallel port, game port or universal serial bus (USB). A graphics interface 182, such as Northbridge, may also be connected to the system bus 121. Northbridge is a chipset that communicates with the CPU, or host processing unit, and assumes responsibility for Accelerated Graphics Port (AGP) communications. One or more graphics processing units (GPUs) 184 may communicate with graphics interface 182. In this regard, GPUs 184 generally include on-chip memory storage, such as register storage, and GPUs 184 communicate with a video memory 186. GPUs 184, however, are but one example of a coprocessor, and thus a variety of coprocessing devices may be included in computer 110. A monitor 191 or other type of display device is also connected to the system bus 121 via an interface, such as a video interface 190, which in turn communicates with video memory 186. In general, this portion of the computing device is the vulnerable one, and the invention therefore provides protection and confidentiality for data as it is processed or rendered there. In addition to monitor 191, computers may also include other peripheral output devices, such as speakers 197 and printer 196, which may be connected through an output peripheral interface 195.
The computer 110 may operate in a networked or distributed environment using logical connections to one or more remote computers, such as a remote computer 180. The remote computer 180 may be a personal computer, a server, a router, a network PC, a peer device or other common network node, and typically includes many or all of the elements described above relative to the computer 110, although only a memory storage device 181 has been illustrated in Figure 1B. The logical connections depicted in Figure 1B include a local area network (LAN) 171 and a wide area network (WAN) 173, but may also include other networks/buses. Such networking environments are commonplace in homes, offices, enterprise-wide computer networks, intranets and the Internet.
When used in a LAN networking environment, the computer 110 is connected to the LAN 171 through a network interface or adapter 170. When used in a WAN networking environment, the computer 110 typically includes a modem 172 or other means for establishing communications over the WAN 173, such as the Internet. The modem 172, which may be internal or external, may be connected to the system bus 121 via the user input interface 160 or other appropriate mechanism. In a networked environment, program modules depicted relative to the computer 110, or portions thereof, may be stored in the remote memory storage device. By way of example, and not limitation, Figure 1B illustrates remote application programs 185 as residing on memory device 181. It will be appreciated that the network connections shown are exemplary, and other means of establishing a communications link between the computers may be used.
Exemplary distributed computing frameworks or architectures
Various distributed computing frameworks have been and are being developed in light of the convergence of personal computing and the Internet. Individuals and business users alike are provided with a seamlessly interoperable and Web-enabled interface for applications and computing devices, making computing activities increasingly Web browser or network oriented.
For example, MICROSOFT's .NET platform includes servers, building-block services such as Web-based data storage, and downloadable device software. Generally speaking, the .NET platform provides (1) the ability to make all computing devices work together and to have user information automatically updated and synchronized on all of them, (2) increased interactive capability for Web sites, enabled by greater use of XML rather than HTML, (3) online services that feature customized access and delivery of products and services to the user from a central starting point for the management of various applications, such as e-mail, or software, such as Office.NET, (4) centralized data storage, which will increase efficiency and ease of access to information, as well as synchronization of information among users and devices, (5) the ability to integrate various communications media, such as e-mail, faxes and telephones, (6) for developers, the ability to create reusable modules, thereby increasing productivity and reducing the number of programming errors, and (7) many other cross-platform integration features as well.
While exemplary embodiments herein are described in connection with software residing on a computing device, one or more portions of the invention may also be implemented via an operating system, an application programming interface (API), or a "middle man" object between a coprocessor and trusted content, such that trusted content services may be performed by, supported in, or accessed via all of .NET's languages and services, and in other distributed computing frameworks as well. Moreover, it will be appreciated that one or more of the techniques described in accordance with the invention may involve changes to hardware, e.g., changes to the GPU, so as to conform to the techniques described.
Cryptographic protection of secure content
Thus, the invention provides methods and systems for extending an operating system, or any platform, so that "trusted graphics" applications such as tamper-resistant confidential dialogs can be realized, and so that content can be rendered in a manner that guards against unauthorized duplication. Fig. 2 illustrates the problem the invention solves, in which encrypted premium content 200 is shown as found or generated by trusted application software TS. Following the trusted software TS, the content 200 may involve the functionality of GPU 265 before being rendered by rendering device 295 (or another application). Such content 200 is sent from system or host memory 230 to video memory 260 for processing by GPU 265. The dashed line in Fig. 2 marks the security problem. As described in the background, no system currently exists that fully guarantees the protected and confidential transmission of content among the components surrounded by the dashed line. From the position of the trusted software TS, the first problem is whether, before handing content over to the GPU, the content can be entrusted to the components within the dashed line. Assuming the trusted software TS can correctly authenticate the components inside the dashed line, the second problem from the position of the trusted software TS is that it must be reasonably assured that, once data has been handed over into the dashed line, the data cannot be altered. Both problems are addressed in the various embodiments of the invention described below. According to different modes, the methods and systems of the invention are realized by (1) encrypting the contents of the overlay surface, (2) enabling the GPU to operate on encrypted content without making the encrypted content available to untrusted applications or untrusted parties, and (3) encrypting the contents of the command buffer.
The first aspect of the trusted graphics processing and rendering problem solved by the invention concerns the provision of a cryptographic (sometimes referred to herein as "crypto") processor and indexed key management. Commonly assigned, co-pending U.S. Patent Application No. AA/BBB,CCC (the "CCC application"), "Methods and Systems for Authentication of Components in a Graphics System" (filing date YYYY, DD month), discloses techniques for authenticating components associated with a graphics system, as described below. However, it should be understood that the invention contemplates authentication taking place by any technique, such that authentication techniques can be used to provide the trusted graphics platform described in the various embodiments of the invention below.
Exemplary authentication
In this respect, secure graphics cards must authenticate themselves as such. In particular, the trusted software must be able to distinguish a secure graphics card from a traditional graphics card or from a deception device, e.g., a spoofer. Furthermore, the trusted software must be able to reveal an encryption key to the graphics card, and must be able to verify that the recipient of the key really is a secure graphics card. To this end, the secure graphics card is equipped with a cryptographic processor according to the invention, which performs the cryptographic tasks of authentication and key transport.
With respect to hardware, the invention provides a cryptographic processor that is individualized at manufacture and provided with a certificate. Each cryptographic processor contains a unique private decryption key Kpriv. Although many different encryption and decryption algorithms are contemplated by the invention, and are known to those skilled in the field of cryptography, the algorithm described herein is RSA with a key length of 1024 bits. Both are non-limiting design choices; the algorithm and key length may be varied according to the application and the required level of security, following well-known trade-offs.
In this respect, the cryptographic processor is permanently attached to the graphics card, either by adding it to an existing chip or by adding it to the graphics card as a separate chip. The cryptographic processor implements a public-key encryption algorithm, as described in more detail below, and conceals a unique private key. Such a cryptographic processor can perform public-key decryption quickly using current silicon technology. However, the cryptographic processor may also include a public-key accelerator, and may implement symmetric encryption (AES) and some control logic.
In one non-limiting exemplary embodiment, the cryptographic processor contains the following volatile registers: (1) a 256-bit register for the session key, whose lifetime is typically the run time of the trusted software, and (2) an array of some number of index keys. Each index key is 128 bits long, although other choices are also suitable. Each key is associated with a particular window and is used by the graphics card to decrypt that window's contents. The lifetime of each key is managed by instructions from the trusted software.
As noted above, the cryptographic processor of the invention is permanently attached to the graphics card. Therefore, a method is needed to interface securely with the cryptographic processor in order to make use of its functionality. With respect to interfacing with the cryptographic processor, the invention contemplates at least two interfaces: (1) the external interface to the trusted software TS, and (2) the interface to GPU 265. The former interface, at least with regard to its cryptographic characteristics, must be standardized. The latter interface can be implementation-specific, but should observe all of the criteria set out below.
For the external interface, a public-key (PK) cryptographic protocol is used for authentication and key transport. According to this protocol, the trusted software TS encrypts a session key with the public key of the cryptographic processor. The cryptographic processor receives the resulting cryptoblob, decrypts it with its private key, and thereby obtains the session key. The trusted software and the cryptographic processor now share a secret. The trusted software can use this session key to send instructions to the cryptographic processor.
In one non-limiting embodiment, the cryptographic processor exposes its external interface through the following functions:
The function SetSessionKey() performs the initial authentication step and the key transport. It is the only function that accesses the public-key functionality of the cryptographic processor. In one embodiment, the invention contemplates calling this function once at each boot. The following exemplary pseudocode represents one non-limiting implementation of SetSessionKey():
SetSessionKey(cryptoblob) {
    // decrypt the cryptoblob with the processor's private key; the plaintext is the session key
    PKDecrypt(privateKey, cryptoblob, sessionKey);
}
After successful completion of the operation, the session key register contains the key carried in the cryptoblob, e.g., a 256-bit key. The public-key algorithm may be, for example, 1024-bit RSA.
Once a symmetric session key K has been established between the trusted software and the cryptographic processor, this key can be used to protect all further communication to and from the cryptographic processor. The trusted software and the cryptographic processor can communicate through simple Get and Set methods, whose parameters are cryptographically protected for confidentiality and integrity. In particular, the parameter block B of each call can be processed in the following non-limiting way:
AES(M|HMAC(M,K1),K2),
where:
K1 is the first half (bits 0-127) of K
K2 is the second half (bits 128-255) of K
AES(M,K) is the result of encrypting message M under key K using AES in CBC mode
HMAC(M,K) is the result of computing HMAC, with an appropriate hash function, over message M using key K
A|B is the concatenation of A and B.
This format can be used for the input and output parameters of the following function:
Set([IN] BOOL needsAck, [IN] BITS128 nonce, [IN] ENUM propertyID, [IN] BYTESEQUENCE propertyParameters, [OUT] BYTESEQUENCE ack)
where:
needsAck is a Boolean that allows the trusted software to indicate whether an acknowledgement is required.
nonce is a 128-bit value selected by the trusted software. If an acknowledgement is requested, the nonce is used in the acknowledgement.
propertyID identifies the property being set. An exemplary list of supported properties is given in Table 1 below.
propertyParameters is a sequence of parameters specific to each propertyID.
Finally, ack is the acknowledgement of the operation. The cryptographic processor produces an ack if and only if needsAck is set. The ack consists of the nonce followed by a message specific to each propertyID.
Property ID  | Needs Ack | Parameters           | Acknowledgement
Index key    | Yes       | Index, key, purpose  | OK, failure
Output lock  | Yes       | {lock, unlock}       | State after the lock operation
L2KEYMGMT    | Yes       | Update frequency     | OK, failure
Table 1 - propertyID list for the Get function
For the index key propertyID, this method writes a new key and purpose tag into the key register identified by the index.
For the output lock propertyID, this method sets the output lock flag. While this flag is set, the screen geometry (width, height, colour depth, refresh rate) and the graphics card output (VGA, DVI) cannot be changed. Specifically, while the output lock flag is set, the graphics card will not execute instructions that change these settings.
For the L2KeyMgmt propertyID, this method sets the key update frequency under the second-layer protection described according to the invention, i.e., encrypted input and output, which is described in more detail below.
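Below is an added example, not code from the patent, of a Set call and its acknowledgement under the protected parameter-block format AES(M|HMAC(M,K1),K2) described above, written in Go against a constructed session key taken as already installed by SetSessionKey(). The hash inside HMAC (SHA-256), the padding, the IV handling, and the byte layout of the Set body and of the ack are assumptions the page leaves open.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// Session holds the session key K that SetSessionKey() installs, split as the page
// prescribes: K1 (bits 0-127) keys the HMAC, K2 (bits 128-255) keys AES-CBC.
type Session struct {
	k1  []byte
	blk cipher.Block
}

func NewSession(k []byte) (*Session, error) {
	if len(k) != 32 {
		return nil, errors.New("session key must be 256 bits")
	}
	blk, _ := aes.NewCipher(k[16:]) // exactly 16 bytes, so NewCipher cannot fail
	return &Session{k1: k[:16], blk: blk}, nil
}

// Protect builds AES(M|HMAC(M,K1),K2). Assumed where the page is silent: SHA-256 inside
// HMAC, PKCS#7 padding, and a fresh random IV prepended to the ciphertext.
func (s *Session) Protect(m []byte) ([]byte, error) {
	mac := hmac.New(sha256.New, s.k1)
	mac.Write(m)
	plain := append(append([]byte{}, m...), mac.Sum(nil)...)
	pad := aes.BlockSize - len(plain)%aes.BlockSize
	plain = append(plain, bytes.Repeat([]byte{byte(pad)}, pad)...)
	out := make([]byte, aes.BlockSize+len(plain))
	if _, err := rand.Read(out[:aes.BlockSize]); err != nil {
		return nil, err
	}
	cipher.NewCBCEncrypter(s.blk, out[:aes.BlockSize]).CryptBlocks(out[aes.BlockSize:], plain)
	return out, nil
}

// Unprotect rejects any block whose padding or HMAC fails to verify, so a modified
// ciphertext never yields parameters the processor would act on.
func (s *Session) Unprotect(blob []byte) ([]byte, error) {
	if len(blob) < 2*aes.BlockSize || len(blob)%aes.BlockSize != 0 {
		return nil, errors.New("malformed parameter block")
	}
	plain := make([]byte, len(blob)-aes.BlockSize)
	cipher.NewCBCDecrypter(s.blk, blob[:aes.BlockSize]).CryptBlocks(plain, blob[aes.BlockSize:])
	pad := int(plain[len(plain)-1])
	if pad < 1 || pad > aes.BlockSize || len(plain)-pad < sha256.Size ||
		!bytes.Equal(plain[len(plain)-pad:], bytes.Repeat([]byte{byte(pad)}, pad)) {
		return nil, errors.New("bad padding or truncated block")
	}
	plain = plain[:len(plain)-pad]
	m, tag := plain[:len(plain)-sha256.Size], plain[len(plain)-sha256.Size:]
	mac := hmac.New(sha256.New, s.k1)
	mac.Write(m)
	if !hmac.Equal(tag, mac.Sum(nil)) {
		return nil, errors.New("HMAC mismatch")
	}
	return m, nil
}

// Assumed Set body layout M: needsAck (1) | nonce (16) | propertyID (1) | params. For the
// index-key property of Table 1, params = index (1) | 128-bit key (16) | purpose (1).
const PropIndexKey byte = 1

// TrustedSet is the trusted software's side of a Set call.
func TrustedSet(s *Session, needsAck bool, nonce [16]byte, propID byte, params []byte) ([]byte, error) {
	m := []byte{0}
	if needsAck {
		m[0] = 1
	}
	return s.Protect(append(append(append(m, nonce[:]...), propID), params...))
}

// ProcessorSet is the crypto-processor side: it stores the key at the index (replacing the
// old one, as the page requires) and, if needsAck is set, returns Protect(nonce|"OK").
func ProcessorSet(s *Session, keyRegs map[byte][]byte, blob []byte) ([]byte, error) {
	m, err := s.Unprotect(blob)
	if err != nil {
		return nil, err
	}
	if len(m) != 36 || m[17] != PropIndexKey {
		return nil, errors.New("unsupported property or bad parameters")
	}
	keyRegs[m[18]] = append([]byte{}, m[19:35]...)
	if m[0] != 1 {
		return nil, nil
	}
	return s.Protect(append(append([]byte{}, m[1:17]...), "OK"...))
}

// CheckAck ties an ack to the call that requested it by matching the nonce.
func CheckAck(s *Session, nonce [16]byte, ack []byte) (string, error) {
	m, err := s.Unprotect(ack)
	if err != nil {
		return "", err
	}
	if len(m) < 16 || !bytes.Equal(m[:16], nonce[:]) {
		return "", errors.New("ack nonce mismatch")
	}
	return string(m[16:]), nil
}
```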
The Get function is proposed similarly:
Get([IN] BITS128 nonce, [IN] ENUM propertyID, [IN] BYTESEQUENCE propertyParameters, [OUT] BYTESEQUENCE response)
where:
nonce is a 128-bit value selected by the trusted software and used in the response.
propertyID identifies the property in question. A list of the supported properties is given in Table 2 below.
propertyParameters is a sequence of parameters specific to each propertyID.
response contains the result of the operation. The response consists of the nonce followed by a message specific to each propertyID.
Property ID            | Parameters | Response
Output port            | Key index  | VGA, AGP, etc.
Authentication code    | Key index  | An X-bit number
DX-SEC version         | None       | Version number
Secure surface count   | None       | Number of secure surfaces supported
Overlay surface count  | None       | Number of overlay surfaces supported
Primary type           | None       | 1
Geometry               | None       | Width, height, refresh rate and colour depth of the primary surface
Table 2 - Property ID list for the Set function
For output port, this method returns the setting of the graphics card output, e.g., VGA, DVI, etc.
For authentication code, this method returns a hash of the contents of the window under the first-layer protection described according to the invention, i.e., the encrypted overlay.
For DX-SEC version, this method returns the version of DX-SEC supported by the graphics card.
For secure surface count, this method returns the number of secure surfaces supported by the graphics card.
For overlay surface count, this method returns the number of overlapping secure surfaces supported by the graphics card.
For primary type, this method returns 1, which provides flexibility for the future.
For geometry, this method returns the width, height, refresh rate and colour depth of the primary surface.
The Set function also includes methods for setting the position or size of the protected overlay region, or the position and size of the part of the primary surface that should be decrypted.
Thus, the above SetSessionKey, Get and Set are non-limiting examples relating to the external interface. The term "internal interface" refers to the interface between the cryptographic processor and the rest of the graphics card. According to the invention, the details of this interface are decided by the implementation of each individual graphics card, subject to the following restrictions: (1) the cryptographic processor should be permanently attached to the graphics card, and (2) the connection between the cryptographic processor and the rest of the graphics card should not be exposed.
In this respect, removing the cryptographic processor from the graphics card should not be trivial. If the cryptographic processor is implemented as a separate chip, this is mainly a restriction on the mechanical interface by which the cryptographic processor is mounted on the graphics card. In general, the cryptographic processor should be soldered to the graphics card. Alternatively, the cryptographic processor should reside on the same chip as the main GPU. Standardized mechanical interfaces that allow the cryptographic processor to be removed, e.g., smart card readers, socket mounts and the like, are unacceptable.
In addition, the physical connection between the cryptographic processor and the rest of the graphics card must not be accessible, and must not be exposed through a standard interface. For example, according to the invention, a USB connector on this bus is unacceptable.
As a rule of key management, each index key is used only in accordance with its associated pur­pose parameter. In one embodiment, the values of the purpose parameter have the following meanings:
L1STREAM: this key is used only with the DX-SEC stream cipher of the first-layer confidentiality provided by the invention, i.e., the encrypted overlay described below.
L2BLOCK: this key is used only with the block cipher, in ECB mode, of the second-layer confidentiality provided by the invention, i.e., the encrypted input and output described below. The block key in ECB mode is used to decrypt texture blocks written by the trusted software.
In this respect, when a new value is received at an index, no copy of the previous key should be retained.
First-layer confidentiality: the encrypted overlay
Because video memory can be mapped and read by untrusted software running on the CPU, video memory must not contain information in plaintext form. The video memory subject to this requirement includes the video memory used to refresh the display. The initial implementation of a system meeting this criterion according to the invention encrypts the contents of the overlay surface. Subsequently, when the image is sent to the display, the overlay is decrypted by the DAC hardware in transit, or decrypted just before reaching the DAC hardware.
Fig. 3A illustrates an exemplary implementation of this technique. Encrypted premium content 200, found or generated anywhere by trusted application software 210, is received by the trusted application software 210. An authentication exchange with the cryptographic processor 220 follows, e.g., the authentication exchange described in the exemplary embodiment above, or any other technique by which a secret key is transferred over a confidential or otherwise protected path. Content 200 is passed from system memory 230 to the encrypted overlay surface 240, which overlays the primary surface 270 of video memory 260. In conjunction with the cryptographic processor 220, the decryption portion 250 of GPU 265 removes the encryption layer provided by the encrypted overlay 240, and the content is sent to pixel select 280 for output to the digital visual interface (DVI)/digital-to-analog converter (DAC) 290, and thus to a rendering device, such as a monitor. However, the system described in Fig. 3A does not meet all of the criteria described above, because there is only one overlay. To satisfy the minimum functionality required for a trusted environment, e.g., a trusted window, the invention implements two overlays in an alternative embodiment. The first, "secure" overlay is essentially the overlay that exists in current platforms, used mainly to display video, extended so that its contents can be encrypted. The second overlay is specifically designed to present sensitive user interfaces, e.g., e-commerce dialogs. This "protected overlay" is Always On Top and cannot be obscured, i.e., there is no colour keying, and it has priority over the first overlay. To keep overhead to a minimum, the second overlay may be subject to some restrictions. For example, the second overlay may be formed such that its data is in the same pixel format as the primary surface, and it may not be stretched or multi-buffered. In addition, the contents of the protected overlay can be verified by hardware. Table 3 summarizes the exemplary differences between the secure overlay and the protected overlay.
Item                                   | Secure overlay | Protected overlay
Same pixel format as primary surface   | Yes            | No
Can be stretched                       | No             | Yes
Can be destination colour-keyed        | Yes            | No
Can be multi-buffered                  | Yes            | No
Always On Top                          | No             | Yes
Content can be verified                | No             | Yes
Table 3 - Secure overlay contrasted with protected overlay
Fig. 3B shows a system comprising a secure overlay, e.g., a secure overlay flip chain 310 of overlays 310a, 310b and 310c, and a protected overlay 320. Where possible, stream ciphers are used to encrypt the secure surfaces because, compared with block ciphers, they are faster and simpler to implement (see Appendix A for more details). A stream cipher encrypts data according to the "position of the byte in the stream". Thus, the first-layer confidentiality of the invention initializes the stream cipher with the pixel encryption key at the upper-left corner of the surface. The stream cipher is advanced for every pixel contained in the overlay surface, regardless of whether the pixel will be displayed. The proposed system contains two stream cipher components 300a and 300b, one for the secure overlay and one for the protected overlay. Once the decrypted pixel values are available, hardware 280 selects the pixel value of the protected overlay 320, of the secure overlay 310 (if the primary surface 270 equals the colour key and/or colour keying is enabled), or of the primary surface 270, and sends the pixel value to the display hardware via DVI/DAC 290.
Note that an adversary can, by any number of means, tamper with the overlay so that the displayed image cannot be seen, or replace the secure content with noise, because whatever data the adversary writes will also be treated as encrypted. Although the invention does not directly prevent these attacks, it does provide an integrity check to ensure that what is presented to the end user is the intended content. Thus, if the output differs from the input, the user or the trusted software 210 can be warned that the content has been tampered with.
With respect to the software interface for the overlays, in addition to the usual overlay information, such as the source and destination bounding boxes, the destination colour key and the like, the secure overlay 310 maintains a specified encryption key index, and the protected overlay 320 additionally maintains a specified memory location to which the Cyclic Redundancy Code (CRC) of the decrypted overlay content should be written.
The secure overlay interface is similar to the existing overlay interface, except that the flip method specifies the encryption key index for the contents of the overlay back buffer 310a, i.e., the buffer whose data is about to be flipped in.
The protected overlay interface is simpler: after the first display, the CRC of the surface is transmitted to the memory location as an indication of readiness. A standardized hardware interface controls the position of the overlay and, on a polling basis, makes the CRC available to interested software. For example, one register may indicate whether the CRC is available, and another register may allow the CRC to be read. For example, with respect to the protected overlay interface, the following exemplary pseudocode may be used:
HRESULT UpdateOverlay(LPPOINT ppntUL);
where:
ppntUL specifies the upper-left corner of the protected overlay.
In this respect, if integrity is of concern, software 210 computes the expected CRC value.
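The following Go program is an added example, not part of the patent, of the first-layer scheme: a constructed 32-bit-per-pixel overlay is encrypted with a stream cipher primed at the upper-left pixel, scanned out with the cipher advanced for every pixel whether or not it falls inside the visible rectangle, and checked against the CRC the trusted software expects. AES-CTR stands in for the DX-SEC stream cipher the page does not specify, CRC-32 for the unspecified CRC, and the pixel format and surface size are assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"errors"
	"hash/crc32"
)

// Surface is a constructed overlay: 32-bit pixels (an assumed format), row-major, with
// the upper-left pixel first, which is where the page primes the stream cipher.
type Surface struct {
	Width, Height int
	Pixels        []byte
}

// NewSurface fills a Width x Height surface with a deterministic gradient (test data).
func NewSurface(w, h int) Surface {
	s := Surface{w, h, make([]byte, w*h*4)}
	for y := 0; y < h; y++ {
		for x := 0; x < w; x++ {
			off := (y*w + x) * 4
			s.Pixels[off], s.Pixels[off+1], s.Pixels[off+2], s.Pixels[off+3] = byte(x*16+y), byte(x), byte(y), 0xFF
		}
	}
	return s
}

// keystream returns a stream cipher primed with the overlay's 128-bit L1STREAM index key.
// AES-CTR with a fixed IV stands in for the DX-SEC cipher the page does not specify; what
// matters is that each keystream byte depends only on the key and its position in the stream.
func keystream(key []byte) (cipher.Stream, error) {
	if len(key) != 16 {
		return nil, errors.New("index key must be 128 bits")
	}
	blk, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewCTR(blk, make([]byte, aes.BlockSize)), nil
}

// EncryptSurface is what the trusted software does before the overlay reaches video
// memory: every pixel is XORed with keystream, starting from the upper-left pixel.
func EncryptSurface(key []byte, s Surface) (Surface, error) {
	ks, err := keystream(key)
	if err != nil {
		return Surface{}, err
	}
	out := Surface{s.Width, s.Height, make([]byte, len(s.Pixels))}
	ks.XORKeyStream(out.Pixels, s.Pixels)
	return out, nil
}

// ScanOut models the DAC-side decryption of a protected overlay. Only pixels inside the
// clip rectangle are emitted, but the cipher is advanced for every pixel of the surface,
// shown or not; skipping hidden pixels would shift the keystream under the visible ones.
// The CRC of the whole decrypted content is returned as the value the hardware would
// write to the memory location the software polls.
func ScanOut(key []byte, enc Surface, clipX, clipY, clipW, clipH int) ([]byte, uint32, error) {
	ks, err := keystream(key)
	if err != nil {
		return nil, 0, err
	}
	crc := crc32.NewIEEE()
	var visible []byte
	px := make([]byte, 4)
	for y := 0; y < enc.Height; y++ {
		for x := 0; x < enc.Width; x++ {
			off := (y*enc.Width + x) * 4
			ks.XORKeyStream(px, enc.Pixels[off:off+4])
			crc.Write(px)
			if x >= clipX && x < clipX+clipW && y >= clipY && y < clipY+clipH {
				visible = append(visible, px...)
			}
		}
	}
	return visible, crc.Sum32(), nil
}

// ExpectedCRC is what software 210 computes from the plaintext it submitted.
func ExpectedCRC(s Surface) uint32 { return crc32.ChecksumIEEE(s.Pixels) }

// Overwrite models the tampering the page describes: a rectangle of the encrypted overlay
// in video memory is replaced by other bytes, which will decrypt to noise.
func Overwrite(enc Surface, x, y, w, h int, fill byte) {
	for row := y; row < y+h; row++ {
		for col := x; col < x+w; col++ {
			off := (row*enc.Width + col) * 4
			for i := 0; i < 4; i++ {
				enc.Pixels[off+i] = fill
			}
		}
	}
}

// IntegrityOK is the check that warns the user or the trusted software of tampering.
func IntegrityOK(expected, reported uint32) bool { return expected == reported }
```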
Second-layer confidentiality: encrypted input and output
According to the invention, to extend GPU 265 to process encrypted content as input and to emit encrypted content as output, encryption and decryption hardware is added to the texture unit (on the input side) and to the alpha blending unit (on the output side), and the hardware designers cooperate by observing certain rules in implementing this functionality. Because a stream cipher cannot provide random access to the encrypted data, the system encrypts the data with a block cipher, e.g., in 128-bit blocks. The texture unit decrypts on a cache line fill; the alpha blending unit decrypts when a cache line is read from the colour buffer, and encrypts before writing it back. The encryption keys used in these operations may differ.
Calculation task except that 3D reproduces, for example video decode is the direct expansion of the example just described.Video macrodata piece replaces texture as encrypting input; Just decoded output frame replaces color buffer as encrypting output.If when in command stream, sending GPU 265 in the content band, protect described content, describe below so and how commands buffer is encrypted.
The system by encryption and decryption assembly 440 execution front-end operations that Fig. 4 A has described just to have described as input, sends the encryption face as output to encryption face 420, promptly adds the front end of close grain and color buffer technology.The present invention also provides and adds close grain 400a, and texture 400b can be the typical texture of video memory 260.Add the decryption component 450 that close grain 400a exports to GPU 265, decryption component 450 and encryption processor 220 are worked together, to the texture deciphering, and by assembly 430a, to the data decryption Graphics Application algorithm from assembly 440, for example shadowing method or the like.
With regard to the configuration of the synthetic page upset desktop of prediction, the system of Fig. 4 A that has just described can protect whole desktop, as long as DAC hardware can be as mentioned above to interarea and coverage rate 310 and 320 deciphering.Notice that DAC hardware utilizes block encryption, rather than stream cipher is decrypted in this case.Such system allows the secret face of arbitrary number to participate in desktop, simultaneously they is applied any Z axle ordering, mix or even 3D or effect, and can not damage confidentiality.Must be Always On Top and the protected coverage rate 320 that must be able to examine of its content reside in the independent surface.Above-described secret coverage diagram 310 exists, up to can be by secret page upset desktop or platform, with software simulation till it.
In one embodiment, except can be to interarea 270 deciphering, system requirements GPU 265 can also be to from the ordinary desktop application program, the plain text encryption of the word processor of for example being commissioned, so that they also can participate in desktop.Fig. 4 B illustrates such situation, and is encrypted comprising the main upset chain 510 of front surface 510b and rear surface 510a.Thereby interarea can be handled by desktop compositor 430, protects input and output with respect to it respectively by encrypt/decrypt assembly 440a.With situation that encryption processor 220 is communicated by letter under, decryption component 500 is subsequently to front surface 510b deciphering, so that export to DVI/DAC 290.This is exposed under the following attack with respect to some type of guaranteeing the confidentiality explanation system, and some strategies of taking precautions against these attacks are discussed in described following explanation.
Fig. 4 C has described the alternative of Fig. 4 B, has wherein realized making a copy of secret coverage diagram upset chain 310.Thereby as the replacement that interarea 270 is encrypted, according to the present invention, hardware can be realized the stream cipher encrypting for secret coverage diagram hardware 300a consumption, the convection current code data deciphering together of secret coverage diagram hardware 300a and encryption processor 220.With utilize block encryption that interarea is encrypted to compare, the cost of this expression mechanism is not high, but as design tradeoff, may not resemble to utilize block encryption to scalable and flexible the interarea encryption.Because secret coverage diagram 310 uses stream cipher to encrypt, support reasonably that in this case operation is ' duplicating ' operation, in ' duplicating ' operation, decryption component 440b utilizes the block encryption of input face 510a to the input deciphering, and assembly 440b utilizes the stream cipher of coverage diagram to encrypt again.
Every next encrypt input with regard to enough situations under, these embodiment, and their various combinations are practical, as long as the input of the plaintext of arbitrary number can with encrypt input and combine, produce and encrypt output and get final product.
For guaranteeing confidentiality, attainable measure has a variety of according to the present invention.At first, above-described second layer confidentiality depends on such thought, and promptly in case expressly decrypted, then plaintext can not leak out GPU 265.For example, do not exist and to read debug registers or other instrument expressly by the central processing unit (CPU) of main frame from chip.Except carefully carrying out hardware design avoiding this leakage, GPU 265 instruction set are designed such that the deciphering that can not realize input, can not realize the encryption to output again.In addition, hardware prevents the leakage of clear data, no matter be by inferior strain (rogue) driver, and by the antagonism code, the still leakage that causes by accident.
In addition, hardware can not leak key.In case by the cryptographic protocol of describing according to the checking exchange, key is transmitted to GPU 265, then these keys only are applicable to the encryption and decryption assembly.
As mentioned above, if GPU 265 can be to plain text encryption, so that show that in interarea 270 then this function is regarded as the weakness in the system,, this encryption function can obtain simultaneously expressly and unique mechanism of corresponding ciphertext because being the wherein adversary who describes.By the mapping interarea, so that CPU can see described interarea, and produce must encrypted window, and the adversary can make up the ciphertext subclass corresponding to the known-plaintext piece.When the number of " interesting " text block hour, these so-called " dictionary attack " effects are fine.For example, for the demonstration with the Black-and-White dialog box under the 32bpp display mode, because there are 4 pixels in each piece, such dialogue only need show 16 pieces.For the adversary who finds these 16 ciphertext pieces, even a kind of possible approach is by producing after by GPU 265 deciphering, still significant content is to the pseudo-choosing dialogue of final user.Thus, protected coverage diagram is suitable for taking precautions against the dialogue of distorting most, because when the final user did not also see the content that expection should see, it can make application program detect.
Thereby the good strategy of defeating the adversary who wishes the generation dictionary has two kinds.At first, because dictionary only is applicable to the key of appointment, therefore changes the also internal new encryption of unit weight of key and can force the adversary to begin to prepare new dictionary.In addition, for the encryption of interarea, need not make software can access that key-it can roll in hardware, software only need be apprised of key and change.Because previous key still exists, so software can use previous key unaltered interarea partly to be deciphered and encrypted again.Thereby encryption processor 220 still exists with the key before selecting, for example mode of the dual buffer memory of encryption key indices, and the mode to notify software key to roll, the encryption key of the interarea 270 that regularly rolls.
Another kind of strategy related to before encrypting, position encoded in the image.For example, before it is encrypted, in the image (x, y) pixel location (perhaps other value of deriving, for example image shift) can be become pixel data by exclusive OR (XOR); Thereby can after deciphering, operate.Consequently, the pixel block in the zones of different on surface is encrypted by difference, expressly-the ciphertext mapping is only meaningful to the assigned address in this surface, and this is invalid for the assailant.
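As an added illustration (not code from the patent), the following Python script models the two countermeasures just described, key rolling and position encoding, against the dictionary attack of the preceding paragraphs. The hardware's 128-bit block cipher is stood in for by a small Feistel network keyed with HMAC-SHA256 so that the script runs with the standard library only; the surface, keys and pixel blocks are constructed for the demonstration.

```python
import hashlib
import hmac
import struct

BLOCK = 16   # 128-bit cipher block = four 32bpp pixels, as in the text's example
ROUNDS = 4


def _round_fn(key: bytes, rnd: int, half: bytes) -> bytes:
    """Keyed round function: HMAC-SHA256 truncated to the 8-byte half block."""
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:8]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(p ^ q for p, q in zip(a, b))


def block_encrypt(key: bytes, block: bytes) -> bytes:
    """Stand-in for the hardware block cipher (ECB: same key and block, same output)."""
    assert len(block) == BLOCK
    left, right = block[:8], block[8:]
    for rnd in range(ROUNDS):
        left, right = right, _xor(left, _round_fn(key, rnd, right))
    return left + right


def block_decrypt(key: bytes, block: bytes) -> bytes:
    left, right = block[:8], block[8:]
    for rnd in reversed(range(ROUNDS)):
        left, right = _xor(right, _round_fn(key, rnd, left)), left
    return left + right


def position_tweak(bx: int, by: int) -> bytes:
    """Block-sized value derived from the block's (x, y) position on the surface."""
    return struct.pack("<IIII", bx, by, bx, by)


def encrypt_surface(key, blocks, width_blocks, tweak=True):
    """Encrypt a surface given as 16-byte plaintext blocks in raster order.  With
    tweak=True the block position is XORed in first, so identical pixels at two
    different positions produce different ciphertext."""
    out = []
    for i, pt in enumerate(blocks):
        bx, by = i % width_blocks, i // width_blocks
        if tweak:
            pt = _xor(pt, position_tweak(bx, by))
        out.append(block_encrypt(key, pt))
    return out


def decrypt_surface(key, blocks, width_blocks, tweak=True):
    out = []
    for i, ct in enumerate(blocks):
        bx, by = i % width_blocks, i // width_blocks
        pt = block_decrypt(key, ct)
        if tweak:
            pt = _xor(pt, position_tweak(bx, by))   # undo the position encoding
        out.append(pt)
    return out


WHITE = b"\xff" * BLOCK   # constructed: a block of four white pixels
BLACK = b"\x00" * BLOCK   # constructed: a block of four black pixels
WIDTH = 4                 # constructed surface: 4 blocks wide, 3 block rows


def dictionary_hits(tweak: bool) -> int:
    """Constructed scenario: the adversary gets a known black-and-white window
    encrypted in block row 0 and records ciphertext -> plaintext pairs; later a
    dialog of the same pixels is drawn in block row 2.  Returns how many of the
    dialog's four ciphertext blocks the dictionary resolves."""
    key = b"constructed session key"
    known = [WHITE, BLACK, WHITE, BLACK] + [BLACK] * 8
    dictionary = dict(zip(encrypt_surface(key, known, WIDTH, tweak)[:4], known[:4]))
    dialog = [BLACK] * 8 + [BLACK, WHITE, WHITE, BLACK]
    ct = encrypt_surface(key, dialog, WIDTH, tweak)
    return sum(1 for c in ct[8:] if c in dictionary)


def roundtrip_ok() -> bool:
    key = b"another constructed key"
    surface = [bytes([i] * BLOCK) for i in range(12)]
    return decrypt_surface(key, encrypt_surface(key, surface, WIDTH), WIDTH) == surface


def hits_after_key_roll() -> int:
    """Key rolling: software is only told the key changed; it decrypts the unchanged
    blocks with the old key and re-encrypts them with the new one, so a dictionary
    built under the old key no longer matches anything."""
    old_key, new_key = b"constructed key index 0", b"constructed key index 1"
    surface = [WHITE, BLACK] * 6
    old_ct = encrypt_surface(old_key, surface, WIDTH, tweak=False)
    dictionary = dict(zip(old_ct, surface))
    plain = decrypt_surface(old_key, old_ct, WIDTH, tweak=False)
    rolled = encrypt_surface(new_key, plain, WIDTH, tweak=False)
    return sum(1 for c in rolled if c in dictionary)


if __name__ == "__main__":
    print("ECB, no position tweak: dictionary resolves", dictionary_hits(False), "of 4")
    print("position-tweaked:       dictionary resolves", dictionary_hits(True), "of 4")
    print("after key roll:         dictionary resolves", hits_after_key_roll(), "of 12")
```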
The invention also provides predefined swizzled formats. Because textures and off-screen surfaces require random access, they must be encrypted with a block cipher. There is good synergy between the block sizes of typical block ciphers and the cache line sizes of typical modern 3D accelerators: if, for example, the cache line and the block size are both 128 bits, efficient encryption and decryption can be implemented in hardware. Even with a slight mismatch (for example, a 128-bit block size and a 256-bit cache line), a hardware implementation is still likely to be efficient.
One issue with encrypting texture data is that block cipher schemes require contiguous bytes to be available before a block can be encrypted or decrypted, while cache line fills require the pixel data to be 'swizzled', i.e., the mapping from image (X, Y) position to address is arranged so that a cache line fill produces a 2D region of pixels. To date, hardware vendors have exposed linear surface formats and swizzled the image data without notifying the application. But because trusted software will be sending encrypted texture data, the software must know the swizzle scheme in advance, so that it can encrypt contiguous blocks of data while preserving 2D locality. In response, the invention defines a dictionary of swizzled image formats, including YUV 4:4:4, 4:2:2 and 4:2:0 and RGB formats, for programs to use. The performance of these formats may not be as high as that of images swizzled into a hardware-specific format, but encryption is worth a slight reduction in performance, i.e., speed is traded for confidentiality.
For AYUV/ARGB (32bpp, packed): besides 8-bit color channels for the luminance (Y) and chrominance (U and V) samples, this 32bpp surface format also includes an alpha channel. Alternatively, it may be standard ARGB 32bpp, since both formats are 32bpp and packed. The following discussion assumes AYUV. The linear layout is shown in Fig. 5.
The offset of pixel (X, Y) in the image is:
Offset = Y * Pitch + X * 4
Assuming a 128-bit encryption block size and cache line size, 4 pixels fit in a single encryption block. Interleaving the least significant bits of X and Y before generating the address gives improved 2D locality for cache line fills.
Fig. 5B illustrates the resulting image layout. Each numbered rectangle is a pixel, and the bold rectangles are encryption blocks. Illustrative pseudocode for the swizzle function of the invention that converts an (x, y) position in an image of this format into an offset is as follows:
DWORD
SwizzleAYUV(DWORD x, DWORD y, DWORD Pitch)
{
    // Pitch is the number of bytes per scanline of blocks (one block row = two pixel rows);
    // a 128-bit block holds a 2x2 tile of 32-bit pixels
    DWORD BlockOffset = (y >> 1) * Pitch + (x >> 1) * (128 / 8);
    // interleave the least significant bits of y and x to select the pixel inside the block
    DWORD IntraBlockOffset = ((y & 1) << 1) | (x & 1);
    return BlockOffset + IntraBlockOffset * 4;
}
For YUY2 (16bpp, packed): this surface format subsamples the 'chroma' samples U and V horizontally by a factor of 2. The result is a packed image format averaging 16 bits per pixel. The linear layout is shown in Fig. 6A. The swizzled format of the invention allocates encryption blocks of 4 x 2 pixels, as shown in Fig. 6B. As in the case of Figs. 5A and 5B, the 128-bit blocks are swizzled as well. Note that for Fig. 6B and for the following example swizzle pseudocode, which converts (x, y) coordinates into image offsets, U and V are assumed to have the same X coordinate:
DWORD
SwizzleYUY2Y(DWORD x, DWORD y, const SURFACEDESC& sd)
{
    assert(x < sd.Width);
    assert(y < sd.Height);
    // one 128-bit block holds 4x2 pixels; sd.Pitch is bytes per scanline of blocks
    DWORD BlockOffset = (y >> 1) * sd.Pitch + (x >> 2) * (128 / 8);
    DWORD IntraBlockOffset = ((x & 2) << 1) |
                             ((y & 1) << 1) |
                             ((x & 1) << 0);
    // each pixel occupies two bytes; Y is the first byte of its pair
    DWORD dwRet = BlockOffset + (IntraBlockOffset << 1);
    return dwRet;
}
DWORD
SwizzleYUY2U(DWORD x, DWORD y, const SURFACEDESC& sd)
{
    assert(x < sd.Width);
    assert(0 == (x & 1));       // U is shared by the pixel pair starting at even x
    assert(y < sd.Height);
    DWORD BlockOffset = (y >> 1) * sd.Pitch + (x >> 2) * (128 / 8);
    DWORD IntraBlockOffset = ((x & 2) << 1) |
                             ((y & 1) << 1) |
                             ((x & 1) << 0);
    return BlockOffset + (IntraBlockOffset << 1) + 1;
}
DWORD
SwizzleYUY2V(DWORD x, DWORD y, const SURFACEDESC& sd)
{
    assert(x < sd.Width);
    assert(0 == (x & 1));       // V shares the same pixel pair (and block) as U
    assert(y < sd.Height);
    DWORD BlockOffset = (y >> 1) * sd.Pitch + (x >> 2) * (128 / 8);
    DWORD IntraBlockOffset = ((x & 2) << 1) |
                             ((y & 1) << 1) |
                             ((x & 1) << 0);
    // pair layout is Y0 U Y1 V, so V is the fourth byte of the pair
    return BlockOffset + (IntraBlockOffset << 1) + 3;
}
In this respect, for the pseudocode accompanying Figs. 5A, 5B, 6A and 6B, the pitch is defined as the number of bytes per scanline of 128-bit blocks.
For packed planar (12bpp): this surface format subsamples U and V by a factor of 2 both horizontally and vertically. The luma and chroma samples are laid out in two separate parts of the surface. The linear layout of packed planar (12bpp) is shown in Fig. 7A.
The pitch is defined as the number of bytes per scanline of 512-bit blocks in the Y plane. The pitch of the UV plane is half that of the Y plane, because the UV plane holds 1/4 as many samples as the Y plane but each sample carries twice as many color elements as a Y plane sample. The swizzled format according to the invention is shown in Fig. 7B.
Illustrative pseudocode for the swizzle functions of the invention that convert (x, y) coordinates into the offsets of the Y, U and V elements for this format is as follows:
DWORD
SwizzlePP12Y(DWORD x, DWORD y, const SURFACEDESC& sd)
{
    assert(x < sd.Width);
    assert(y < sd.Height);
    // Y plane: one-byte samples, a 4x4 tile per 128-bit block
    DWORD BlockOffset = (y >> 2) * sd.Pitch + (x >> 2) * (128 / 8);
    DWORD IntraBlockOffset = ((y & 2) << 2) |
                             ((x & 2) << 1) |
                             ((y & 1) << 1) |
                             (x & 1);
    return BlockOffset + IntraBlockOffset;
}
DWORD
SwizzlePP12U(DWORD x, DWORD y, const SURFACEDESC& sd)
{
    DWORD PlaneOffset = (sd.Height >> 3) * sd.Pitch;   // start of the UV plane
    // chroma is subsampled 2:1 in both directions; only even coordinates are valid
    assert(0 == (x & 1) && 0 == (y & 1));
    x >>= 1;
    y >>= 1;
    // UV plane: (U, V) byte pairs, a 4x2 tile per 128-bit block, half the Y plane pitch
    DWORD BlockOffset = (y >> 1) * sd.Pitch / 2 + (x >> 2) * (128 / 8);
    DWORD IntraBlockOffset = ((x & 2) << 1) |
                             ((y & 1) << 1) |
                             (x & 1);
    return PlaneOffset + BlockOffset + (IntraBlockOffset << 1);
}
DWORD
SwizzlePP12V(DWORD x, DWORD y, const SURFACEDESC& sd)
{
    DWORD PlaneOffset = (sd.Height >> 3) * sd.Pitch;
    assert(0 == (x & 1) && 0 == (y & 1));
    x >>= 1;
    y >>= 1;
    DWORD BlockOffset = (y >> 1) * sd.Pitch / 2 + (x >> 2) * (128 / 8);
    DWORD IntraBlockOffset = ((x & 2) << 1) |
                             ((y & 1) << 1) |
                             (x & 1);
    // V is the second byte of the (U, V) pair
    return PlaneOffset + BlockOffset + (IntraBlockOffset << 1) + 1;
}
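As an added example (not the patent's code), the following Python script carries the AYUV (32bpp) swizzle of Fig. 5B through the step trusted software has to perform before it encrypts a texture: moving a linear image into the swizzled layout so that every 16-byte encryption block is one 2x2 pixel tile, together with a check of that property and the inverse transform. The image, its dimensions and the pixel encoding are constructed for the demonstration.

```python
import struct

BLOCK_BYTES = 16   # 128-bit encryption block = cache line
BPP = 4            # AYUV / ARGB: 4 bytes per pixel, so four pixels (a 2x2 tile) per block


def swizzle_ayuv(x: int, y: int, pitch: int) -> int:
    """Byte offset of pixel (x, y) in the swizzled surface.  pitch is the number of
    bytes per scanline of blocks; each block row covers two pixel rows."""
    block_offset = (y >> 1) * pitch + (x >> 1) * BLOCK_BYTES
    intra_block = ((y & 1) << 1) | (x & 1)      # interleave the LSBs of y and x
    return block_offset + intra_block * BPP


def swizzled_pitch(width: int) -> int:
    return (width // 2) * BLOCK_BYTES


def linear_to_swizzled(linear: bytes, width: int, height: int) -> bytes:
    """What trusted software does before encrypting: move each pixel from the linear
    layout (Offset = Y*Pitch + X*4) to its swizzled slot, so that every 16-byte block
    handed to the block cipher is one 2x2 pixel tile."""
    assert width % 2 == 0 and height % 2 == 0, "surface must be a whole number of 2x2 tiles"
    assert len(linear) == width * height * BPP
    pitch = swizzled_pitch(width)
    out = bytearray(len(linear))
    for y in range(height):
        for x in range(width):
            src = y * width * BPP + x * BPP
            dst = swizzle_ayuv(x, y, pitch)
            out[dst:dst + BPP] = linear[src:src + BPP]
    return bytes(out)


def swizzled_to_linear(swizzled: bytes, width: int, height: int) -> bytes:
    """Inverse transform: what the consumer's addressing of the decrypted blocks amounts to."""
    pitch = swizzled_pitch(width)
    out = bytearray(len(swizzled))
    for y in range(height):
        for x in range(width):
            src = swizzle_ayuv(x, y, pitch)
            dst = y * width * BPP + x * BPP
            out[dst:dst + BPP] = swizzled[src:src + BPP]
    return bytes(out)


def block_tiles(width: int, height: int) -> dict:
    """Map each encryption block index to the list of (x, y) pixels stored in it."""
    pitch = swizzled_pitch(width)
    tiles = {}
    for y in range(height):
        for x in range(width):
            tiles.setdefault(swizzle_ayuv(x, y, pitch) // BLOCK_BYTES, []).append((x, y))
    return tiles


def is_2x2_tiling(width: int, height: int) -> bool:
    """True if the swizzle is a bijection onto the surface and every block is an
    aligned 2x2 tile, the property that lets one cache-line fill fetch a 2D region."""
    pitch = swizzled_pitch(width)
    offsets = {swizzle_ayuv(x, y, pitch) for y in range(height) for x in range(width)}
    if len(offsets) != width * height or max(offsets) != (width * height - 1) * BPP:
        return False   # two pixels share a slot, or the layout leaves holes
    for pixels in block_tiles(width, height).values():
        xs = sorted({x for x, _ in pixels})
        ys = sorted({y for _, y in pixels})
        if len(pixels) != 4 or xs != [xs[0], xs[0] + 1] or ys != [ys[0], ys[0] + 1]:
            return False
        if xs[0] % 2 or ys[0] % 2:
            return False   # tile not aligned to the block grid
    return True


def make_test_image(width: int, height: int) -> bytes:
    """Constructed AYUV image with A=0xff, Y=x, U=y, V=0, so each pixel's bytes name its position."""
    return b"".join(struct.pack("4B", 0xFF, x & 0xFF, y & 0xFF, 0)
                    for y in range(height) for x in range(width))


if __name__ == "__main__":
    img = make_test_image(8, 4)
    sw = linear_to_swizzled(img, 8, 4)
    print("first encryption block holds pixels:", block_tiles(8, 4)[0])
    print("bijective 2x2 tiling:", is_2x2_tiling(8, 4))
    print("round trip ok:", swizzled_to_linear(sw, 8, 4) == img)
```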
Third layer of confidentiality - encrypted command buffers
In accordance with the invention, the functions described above for the embodiments of the first and second layers of confidentiality can be extended so that, in addition to the image data that GPU 265 processes, the command buffers delivered to GPU 265 are also encrypted. This function is desirable if application 210 wishes to protect the content it sends to the hardware in command buffers. Fig. 9A shows video decoding using an encrypted command buffer 900, whereby the content is delivered entirely as encrypted texture 400a, decrypted by decryption component 450, and decoded by video decoder 430b. Although encryption could be applied only with respect to the command buffer, here the content is encrypted both in video memory and in the command buffer, as shown by the encrypted decoded frame 420a. Encrypting the command buffer is appropriate in situations like this one, where the macroblock data resides in video memory while motion vectors and other commands are sent in the command stream.
With the caveat that color buffer encryption alone is not sufficient to protect the content under consideration, the separability constraints that apply to encrypted texture data also apply to encrypted command buffer data. Intermediate buffers, for example the Z buffer, may also be encrypted in order to protect the system against plaintext attacks. Fig. 9B shows illustrative 3D rendering using an encrypted command buffer according to the invention. As shown, the 3D rendering commands 810 are encrypted on their way to video decoder 430c. Texture data 400a is decrypted by decryption component 450 and processed according to commands 810 by video decoder 430c. Consequently, the data in color buffer 820 is encrypted by encryption/decryption component 830.
Tamper detection can be performed in two ways: before the command buffer is consumed, or after the command buffer has been consumed. In one embodiment, tamper detection is initiated after the content has been displayed or rendered.
Other alternatives - encrypting the output of the graphics card
In each of the embodiments above, confidentiality and integrity were demonstrated and described with respect to the dotted portion of Fig. 2. Confidentiality and integrity have not, however, been demonstrated for the video output; that is, in principle the interface between the graphics card and a rendering device such as a monitor, and/or the rendering device itself, could be attacked.
Thus, in the embodiments described above, for example as shown in Fig. 9A, at some point in the process the data need not be sent to DVI/DAC 290 in encrypted form, even though the content is protected in video memory and during processing on the graphics card. On the way to the rendering device, and while within the rendering device, the data may therefore be pirated or altered.
Accordingly, in an alternative of the invention, which may be combined with any of the other embodiments described herein, a like encryption processor 220b is provided in the rendering device to supplement the functions performed by encryption processor 220a. In this respect, encryption component 910a, communicatively coupled to encryption processor 220a, encrypts the data before it is sent to DVI/DAC component 290, and decryption component 910b, communicatively coupled to encryption processor 220b, decrypts the data as part of the display or rendering performed, preventing piracy of the data. Alternatively, encryption component 910a may be included together with DVI/DAC component 290. In short, by using the same encryption, decryption and key management techniques, content can be protected throughout the graphics pipeline, so that the cryptographically protected content is transmitted and processed confidentially.
As mentioned above, although illustrative embodiments of the invention have been described in connection with various computing devices, hardware, software and network architectures, the underlying concepts may be applied to any computing device or system in which it is desirable to protect content originating from a trusted source. Thus, the techniques for cryptographically protecting secure content according to the invention may be applied to a variety of applications and devices. For example, the methods of the invention for cryptographically protecting secure content may be applied to the operating system of a computing device, provided as a standalone object on the device, as part of another object, as an object downloadable from a server, as a distributed object, and so on. While illustrative programming languages, pseudocode, names and examples are chosen here as representative of various choices, these programming languages, pseudocode, names and examples are not intended to be limiting.
The various techniques described herein may be implemented in hardware or software, or a combination of both. Thus, the methods and apparatus of the invention, or certain aspects or portions thereof, may take the form of program code (i.e., instructions) embodied in tangible media such as floppy diskettes, CD-ROMs, hard drives or any other machine-readable storage medium, wherein, when the program code is loaded into and executed by a machine such as a computer, the machine becomes an apparatus for practicing the invention. In the case of program code execution on programmable computers, the computing device generally includes a processor, a storage medium readable by the processor (including volatile and non-volatile memory and/or storage elements), at least one input device and at least one output device. One or more programs that may utilize the techniques of the invention, for example through the use of a data processing API, operating system, trusted application or the like, are preferably implemented in a high-level procedural or object-oriented programming language to communicate with a computer system. The programs can, however, be implemented in assembly or machine language if desired. In any case, the language may be a compiled or interpreted language, and in each embodiment of the invention the hardware of GPU 265 enforces various conditions.
The methods and apparatus of the invention may also be practiced via communications embodied in the form of program code transmitted over some transmission medium, such as over electrical wiring or cabling, through fiber optics, or via any other form of transmission, wherein, when the program code is received by, loaded into and executed by a machine such as an EPROM, a gate array, a programmable logic device (PLD), a client computer, a video recorder or the like, or a receiving machine having a graphics card and the cryptographic capabilities described in the illustrative embodiments above, the machine becomes an apparatus for practicing the invention. When implemented on a general-purpose processor, the program code combines with the processor to provide a unique apparatus that invokes the functionality of the invention. Additionally, any storage techniques used in connection with the invention may invariably be a combination of hardware and software.
While the invention has been described in connection with the preferred embodiments of the various figures, it is to be understood that other similar embodiments may be used, or modifications and additions may be made to the described embodiments, to perform the same function of the invention without deviating from it. For example, while illustrative network environments of the invention have been described in the context of a networked environment such as a peer-to-peer environment, those skilled in the art will recognize that the invention is not limited thereto, and that the methods described in this application may be applied to any computing device or environment, whether wired or wireless, such as a game console, handheld computer, portable computer and the like, and to any number of such computing devices connected via a communications network and interacting across the network. Furthermore, it should be emphasized that a variety of computer platforms, including handheld device operating systems and other application-specific operating systems, are contemplated, especially as the number of wireless networked devices continues to proliferate. Moreover, the invention may be implemented in or across a plurality of processing chips or devices, for example a device with several GPUs, and storage may similarly be effected across a plurality of devices. Therefore, the invention should not be limited to any single embodiment, but rather should be construed in breadth and scope in accordance with the appended claims.
Appendix A: comparison of stream ciphers and block ciphers
This appendix details the differences between stream ciphers and block ciphers as they relate to the content of this document.
| Issue | Stream cipher | Block cipher |
|---|---|---|
| Granularity | Byte | 16 bytes (128 bits) |
| Random access | Difficult / impossible | Straightforward |
| Key changes | Frequent (every frame) | Infrequent |
| Complexity | 1X | 4X that of a stream cipher |
| IP status | Proprietary | Public domain |
In general, stream ciphers are faster and simpler to implement than block ciphers.
As the name implies, a stream cipher encrypts and decrypts a stream of bytes. To encrypt the Nth byte of the stream, the cipher must start at the beginning and advance byte by byte until it reaches the required offset in the stream.
In contrast, a block cipher operating in electronic codebook mode can encrypt or decrypt any block in the data, but must always encrypt or decrypt a complete block of data at a time. A typical block size is 16 bytes.
A stream cipher must be used in such a way that the same data is never encrypted twice, i.e., the key used for encryption and decryption must be changed frequently. For example, when it is used for pay-per-view video playback, changing the key every frame is sufficient.
Finally, note that good-quality block ciphers are available in the public domain.

Claims (115)

1、一种与计算设备的受托图形系统一起加密保护保密内容的方法,所述受托图形系统具有视频存储器,至少一个图形处理器(GPU)和与所述至少一个GPU通信耦接的加密处理装置,所述方法包括:1. A method of cryptographically protecting confidential content with a trusted graphics system of a computing device, said trusted graphics system having video memory, at least one graphics processing unit (GPU), and an encryption processing device communicatively coupled to said at least one GPU , the method includes: 应用程序和设备之一请求图形系统执行保密内容的处理和再现之一,其中所述请求包括所述应用程序和设备之一把话路密钥传送给图形系统,并把所述保密内容传送给视频存储器的至少一个加密部分;One of the application and the device requests the graphics system to perform one of processing and rendering of the secure content, wherein the request includes the one of the application and the device transmitting a session key to the graphics system and transmitting the secure content to at least one encrypted portion of video memory; 由与所述加密处理装置通信的所述至少一个GPU对视频存储器的所述至少一个加密部分的内容解密;decrypting the contents of the at least one encrypted portion of video memory by the at least one GPU in communication with the encryption processing device; 所述至少一个GPU执行关于所述解密内容的处理和再现之一;和said at least one GPU performs one of processing and rendering with respect to said decrypted content; and 从至少一个GPU输出所述内容。The content is output from at least one GPU. 2、按照权利要求1所述的方法,其中如果所述输出的输出不同于针对由所述至少一个GPU对所述保密内容执行的任意处理所调整的所述请求的保密内容,则向所述应用程序和设备之一警告所述差异。2. The method of claim 1, wherein if the output of said output differs from said requested secret adjusted for any processing performed by said at least one GPU on said secret, then sending a message to said secret One of the applications and devices warns about the discrepancy. 3、按照权利要求1所述的方法,其中所述传送包括把所述保密内容传送给至少一个加密覆盖面,所述至少一个加密覆盖面至少重叠所述视频存储器的一个主面。3. The method of claim 1, wherein said transmitting includes transmitting said secure content to at least one encrypted overlay, said at least one encrypted overlay overlapping at least one main surface of said video memory. 4、按照权利要求1所述的方法,其中对视频存储器的所述至少一个加密部分的内容解密包括对主面的几何部分解密,从而除几何部分之外的象素不被解密。4. 
The method of claim 1, wherein decrypting the contents of said at least one encrypted portion of the video memory includes decrypting a geometric portion of the main face such that pixels other than the geometric portion are not decrypted. 5、按照权利要求1所述的方法,其中通过下述之一:(A)把加密处理器添加到现有芯片上和(B)以独立芯片的形式把加密处理器添加到图形卡上,来把加密处理器永久安装在图形卡上,5. The method of claim 1, wherein by one of: (A) adding the encryption processor to an existing chip and (B) adding the encryption processor to the graphics card as a separate chip, to permanently install the encryption processor on the graphics card, 从而加密处理器和图形卡剩余部分之间的物理连接不可接触,不被暴露。The physical connection between the encryption processor and the rest of the graphics card is thus inaccessible and not exposed. 6、按照权利要求3所述的方法,其中所述解密包括由与所述加密处理装置通信耦接的所述GPU的解密机构对所述至少一个加密覆盖面解密。6. The method of claim 3, wherein said decrypting comprises decrypting said at least one encrypted overlay by a decryption mechanism of said GPU communicatively coupled to said encryption processing device. 7、按照权利要求3所述的方法,其中所述解密包括下述之一:(A)当按照所述输出,输出内容时,在传输途中(on-the-fly)由图形系统的数-模转换(DAC)硬件对所述至少一个加密覆盖面解密,和(B)刚好在内容到达图形系统的DAC硬件之前,在传输途中对所述至少一个加密覆盖面解密。7. The method according to claim 3, wherein said decryption comprises one of the following: (A) when outputting content according to said output, on-the-fly by a graphics system's data- Analog-to-analog conversion (DAC) hardware decrypts the at least one encrypted overlay, and (B) decrypts the at least one encrypted overlay in transit just before the content reaches the graphics system's DAC hardware. 8、按照权利要求3所述的方法,其中所述解密包括由不具有相对于主系统的反向通道的组件,在内容到达图形系统的DAC硬件之前,对所述至少一个加密覆盖面解密。8. The method of claim 3, wherein said decrypting includes decrypting said at least one encrypted overlay by a component that does not have a back channel to the host system before the content reaches DAC hardware of the graphics system. 9、按照权利要求1所述的方法,还包括:9. 
The method of claim 1, further comprising: 在所述输出之前,与所述加密处理装置通信的所述至少一个GPU重新加密所述内容;和said at least one GPU in communication with said encryption processing means re-encrypts said content prior to said outputting; and 外部计算设备的至少一个第二加密处理装置对所述重新加密内容进行解密。At least one second encryption processing means of the external computing device decrypts the re-encrypted content. 10、按照权利要求1所述的方法,其中内容以数字形式被传送给具有第二加密处理装置的外部设备,并且在所述外部设备上进行所述解密。10. The method according to claim 1, wherein the content is transmitted in digital form to an external device having a second encryption processing means, and said decryption is performed on said external device. 11、按照权利要求9所述的方法,其中所述外部计算设备是(A)监视器,(B)机顶盒和(C)数字信号处理(DSP)再现设备之一。11. The method of claim 9, wherein the external computing device is one of (A) a monitor, (B) a set-top box, and (C) a digital signal processing (DSP) rendering device. 12、按照权利要求3所述的方法,其中所述传送包括把所述保密内容传送给下述之一:(A)用于保密内容的基本再现的第一加密保密覆盖图,(B)特别用于呈现敏感用户界面的第二加密受保护覆盖图,(C)用于保密内容的基本再现的主面的第一加密区,(D)主面的特别用于呈现敏感用户界面的第二加密区。12. The method of claim 3, wherein said transmitting includes transmitting said secure content to one of: (A) a first encrypted security overlay for a primary rendering of the secure content, (B) specifically A second encrypted protected overlay for rendering a sensitive user interface, (C) a first encrypted area of the main face for basic reproduction of the secure content, (D) a second encrypted area of the main face especially for rendering a sensitive user interface encrypted area. 13、按照权利要求1所述的方法,其中所述解密包括计算解密数据的加密摘要,所述方法还包括:13. The method of claim 1, wherein said decrypting includes computing a cryptographic digest of the decrypted data, said method further comprising: 把所述加密摘要传送给应用程序和设备之一,以便确保显示的象素是与应用程序和设备之一发出的所述请求相关而发送的象素。The encrypted digest is communicated to one of the application and the device to ensure that the pixels displayed are the pixels sent in connection with the request from the one of the application and the device. 
14. The method of claim 12, wherein the second encrypted protected overlay is always on top and cannot be obscured, and wherein the content of the second encrypted protected overlay is verified by said at least one GPU.

15. The method of claim 12, wherein said decrypting includes one of: (A) decrypting the content of the first encrypted secure overlay with a first stream cipher decryption component, (B) decrypting the content of the second encrypted protected overlay with a second stream cipher decryption component, (C) decrypting the content of the first encrypted region of the primary surface with the first stream cipher decryption component, and (D) decrypting the content of the second encrypted region of the primary surface with the second stream cipher decryption component.

16. The method of claim 15, wherein at least one bit of each pixel in the primary surface is used to determine that pixel's membership in a virtual protected surface, and wherein the graphics card selects the appropriate decryption key for the pixel according to said at least one bit.

17. The method of claim 16, wherein, if said at least one bit holds the value zero, the virtual protected surface associated with said at least one bit is treated as a region that is not to be decrypted.

18. The method of claim 15, further comprising, once decrypted pixel values are available, a pixel selection component of said at least one GPU selecting the pixel values of one of (A) the second encrypted protected overlay, (B) the first encrypted secure overlay and (C) the primary surface.

19. The method of claim 12, wherein said request includes at least one of: (A) source and destination bounding boxes of the at least one encrypted overlay surface, (B) a destination color key of the at least one encrypted overlay surface, (C) for the first encrypted secure overlay, a specification of the encryption key index of the contents of the overlay back buffer to which data is to be flipped, (D) for the second encrypted protected overlay, a specification of the memory location to which at least one of a cyclic redundancy code (CRC), an integrity metric and a digest value of the encrypted overlay content is to be written, (E) source and destination bounding boxes of at least one encrypted primary surface, and (F) a destination color key of said at least one encrypted primary surface.

20. The method of claim 19, wherein, if the application or device is concerned with the integrity of the content, the application or device computes at least one of the CRC, the integrity metric and the digest value.

21. The method of claim 1, wherein at least one command buffer sent with said request to a video decoding unit of the at least one GPU is encrypted by at least one of said application and device, and is decrypted by said video decoding unit, which is in communication with said cryptographic processing means.

22. The method of claim 21, further comprising performing tamper detection on said at least one command buffer in one of two ways: (A) before the command buffer is consumed, and (B) after the command buffer has been consumed.

23. At least one of: an operating system that performs the method of claim 1, a computer-readable medium storing computer-executable instructions for performing the method of claim 1, a coprocessing device, a computing device, and a modulated data signal carrying computer-executable instructions for performing the method of claim 1.

24. A method of cryptographically protecting secure content with a trusted graphics system of a computing device, the trusted graphics system having video memory, at least one graphics processing unit (GPU) and cryptographic processing means communicatively coupled to the at least one GPU, the method comprising:
an application or device requesting that the graphics system perform one of processing and rendering of secure content, wherein said request includes the application or device transmitting a session key to the graphics system for verification by the cryptographic processing means, and transmitting said secure content to at least one encrypted portion of the video memory;
a decryption mechanism of an input unit of said at least one GPU decrypting the content of said at least one encrypted portion of the video memory, wherein said decryption mechanism is in communication with said cryptographic processing means;
said at least one GPU performing said one of processing and rendering on said decrypted content;
encrypting said content with an encryption/decryption mechanism of an output unit of the at least one GPU; and
outputting said encrypted content from the at least one GPU.

25. The method of claim 24, wherein said input unit is a texture mapping unit, said output unit is an alpha blending unit, and said at least one encrypted portion of the video memory is an encrypted texture surface.

26. The method of claim 24, wherein said secure content is one of texture data, plaintext and video macroblocks.

27. The method of claim 24, wherein said encrypting and said decrypting respectively comprise encrypting and decrypting with a block cipher.

28. The method of claim 25, wherein said decryption mechanism of the texture mapping unit decrypts on cache line fill, and wherein the encryption/decryption mechanism of the alpha blending unit encrypts before writing.

29. The method of claim 25, further comprising the encryption/decryption mechanism of the alpha blending unit decrypting a cache line when that cache line is read from the color buffer in the video memory.

30. The method of claim 24, further comprising:
flipping said encrypted output content from an encrypted back primary surface of said video memory to an encrypted front primary surface of said video memory;
a second decryption mechanism of said at least one GPU, in communication with said cryptographic processing means, decrypting said encrypted output content a second time; and
outputting said output content a second time.

31. The method of claim 24, wherein said outputting includes outputting the encrypted content to a secure overlay flipping chain, the method further comprising:
flipping said encrypted output content from an encrypted back secure surface to an encrypted front secure surface, whereby said encrypting by said encryption/decryption mechanism includes encrypting with a stream cipher; and
a stream cipher decryption mechanism of said at least one GPU, in communication with said cryptographic processing means, decrypting said encrypted output content a second time.

32. The method of claim 31, further comprising:
before said encrypting, encoding position into the content; and
after said second decrypting, decoding position from the content,
whereby the position is not obtainable from outside and the integrity of the plaintext-to-ciphertext mapping is preserved.

33. The method of claim 24, wherein, if the output of said outputting differs from the secure content of said request, adjusted for any processing performed on said secure content by said at least one GPU, the application or device is alerted to the discrepancy.

34. The method of claim 24, further comprising:
prior to said outputting, said at least one GPU, in communication with said cryptographic processing means, re-encrypting said content; and
at least one second cryptographic processing means of an external computing device decrypting the re-encrypted content.

35. The method of claim 34, wherein the external computing device is one of (A) a monitor, (B) a set-top box and (C) a digital signal processor (DSP) rendering device.

36. The method of claim 24, wherein encrypted textures and encrypted off-screen surfaces transmitted by the application or device are encoded with a block cipher, the application or device swizzling the block cipher output using a predetermined swizzle format and packed planar formats, the predetermined swizzle format converting (x, y) positions in the content into offsets for at least one of YUV, RGB and YUY2.
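The texture path of claims 24 to 27, 32 and 36 can be modelled in the same way. The following Python is an added illustration and not the patent's design: the 4-round Feistel network over HMAC-SHA256 is a toy 16-byte block cipher standing in for the hardware block cipher, the Morton-order swizzle and the per-format pixel sizes are assumptions about the "predetermined swizzle format" of claim 36, the session key is a constructed value, and binding each block's swizzled byte offset into the cipher as a tweak is one way of realising the position encoding of claim 32. It shows what that position binding buys: without it, host software that copies an encrypted block elsewhere in video memory gets a valid, relocated plaintext block on the screen; with it, the relocated block decrypts to noise.

```python
import hashlib
import hmac

BLOCK = 16                                   # block cipher width in bytes
BYTES_PER_PIXEL = {"RGB": 4, "YUY2": 2}      # assumed packed sizes: X8R8G8B8 and 16-bit YUY2

# Constructed: the per-surface key the crypto processor derives from the session key.
TEXTURE_KEY = hashlib.sha256(b"constructed session key for the texture surface").digest()


def swizzle_index(x, y):
    """Morton (Z-order) interleave of the x and y bits: one predetermined swizzle
    that maps a 2-D (x, y) position onto a linear pixel index."""
    idx = 0
    for bit in range(16):
        idx |= ((x >> bit) & 1) << (2 * bit)
        idx |= ((y >> bit) & 1) << (2 * bit + 1)
    return idx


def pixel_offset(x, y, fmt):
    """Byte offset of pixel (x, y) inside the packed, swizzled surface."""
    return swizzle_index(x, y) * BYTES_PER_PIXEL[fmt]


def pack_texture(width, height, fmt, pixel_at):
    """Lay a power-of-two square texture out in swizzled order; pixel_at(x, y) gives packed pixel bytes."""
    bpp = BYTES_PER_PIXEL[fmt]
    buf = bytearray(width * height * bpp)
    for y in range(height):
        for x in range(width):
            off = pixel_offset(x, y, fmt)
            buf[off:off + bpp] = pixel_at(x, y)
    return bytes(buf)


def _xor(a, b):
    return bytes(p ^ q for p, q in zip(a, b))


def _round_fn(key, tweak, rnd, half):
    # PRF round function; the tweak (block position) enters every round, so the same
    # plaintext block encrypts differently at every position in the surface.
    return hmac.new(key, tweak + bytes([rnd]) + half, hashlib.sha256).digest()[:8]


def encrypt_block(key, tweak, block):
    l, r = block[:8], block[8:]
    for rnd in range(4):
        l, r = r, _xor(l, _round_fn(key, tweak, rnd, r))
    return l + r


def decrypt_block(key, tweak, block):
    l, r = block[:8], block[8:]
    for rnd in reversed(range(4)):
        l, r = _xor(r, _round_fn(key, tweak, rnd, l)), l
    return l + r


def _tweak(offset, bind_position):
    # bind_position=False models a plain block cipher with no position encoding at all
    return offset.to_bytes(8, "big") if bind_position else b"\x00" * 8


def encrypt_surface(key, linear, bind_position=True):
    if len(linear) % BLOCK:
        raise ValueError("surface must be a whole number of cipher blocks")
    return b"".join(encrypt_block(key, _tweak(off, bind_position), linear[off:off + BLOCK])
                    for off in range(0, len(linear), BLOCK))


def decrypt_surface(key, linear, bind_position=True):
    if len(linear) % BLOCK:
        raise ValueError("surface must be a whole number of cipher blocks")
    return b"".join(decrypt_block(key, _tweak(off, bind_position), linear[off:off + BLOCK])
                    for off in range(0, len(linear), BLOCK))


def relocate_block(ciphertext, src, dst):
    """Untrusted host software copying ciphertext block src over block dst in video memory."""
    out = bytearray(ciphertext)
    out[dst * BLOCK:(dst + 1) * BLOCK] = ciphertext[src * BLOCK:(src + 1) * BLOCK]
    return bytes(out)


def relocation_succeeds(bind_position):
    """True if the moved block decrypts to the source block's pixels, i.e. the cut-and-paste worked."""
    tex = pack_texture(4, 4, "RGB", lambda x, y: bytes([x * 60, y * 60, (x + y) * 30, 0xFF]))
    ct = encrypt_surface(TEXTURE_KEY, tex, bind_position)
    shown = decrypt_surface(TEXTURE_KEY, relocate_block(ct, 0, 3), bind_position)
    return shown[3 * BLOCK:4 * BLOCK] == tex[0:BLOCK]


if __name__ == "__main__":
    print("cut-and-paste works without position binding:", relocation_succeeds(False))
    print("cut-and-paste works with position binding:   ", relocation_succeeds(True))
```

Because the swizzle fixes where every pixel lives, the GPU can compute each block's tweak from the address it is reading, which is what lets the texture mapping unit decrypt on cache line fill (claim 28) without any side table. The relocated block still decrypts to something, so this binding turns a meaningful substitution into visible noise rather than detecting it; detection is the job of the digests and CRCs of claims 19 and 20.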
37. The method of claim 24, wherein at least one command buffer sent with said request to a video decoding unit of the at least one GPU is encrypted by at least one of said application and device, and is decrypted by said video decoding unit, which is in communication with said cryptographic processing means.

38. The method of claim 24, further comprising performing tamper detection on said at least one command buffer in one of two ways: (A) before the command buffer is consumed, and (B) after the command buffer has been consumed.

39. At least one of: an operating system that performs the method of claim 24, a computer-readable medium storing computer-executable instructions for performing the method of claim 24, a coprocessing device, a computing device, and a modulated data signal carrying computer-executable instructions for performing the method of claim 24.

40. At least one computer-readable medium comprising computer-executable modules that include computer-executable instructions for cryptographically protecting secure content with a trusted graphics system of a computing device, the trusted graphics system having video memory, at least one graphics processing unit (GPU) and cryptographic processing means communicatively coupled to the at least one GPU, the computer-executable modules comprising:
means for an application or device to request that the graphics system perform one of processing and rendering of secure content, wherein said requesting means includes means for the application or device to transmit a session key to the graphics system, and means for transmitting said secure content to at least one encrypted portion of the video memory;
means for decrypting the content of said at least one encrypted portion of the video memory by said at least one GPU in communication with said cryptographic processing means;
means for said at least one GPU to perform said one of processing and rendering on said decrypted content; and
means for outputting said content from the at least one GPU.

41. The at least one computer-readable medium of claim 40, wherein, if the output of said outputting means differs from the secure content of said requesting means, adjusted for any processing performed on said secure content by said at least one GPU, the application or device is alerted to the discrepancy.

42. The at least one computer-readable medium of claim 40, wherein said transmitting means includes means for transmitting said secure content to at least one encrypted overlay surface, the at least one encrypted overlay surface overlapping at least one primary surface of said video memory.

43. The at least one computer-readable medium of claim 40, wherein said means for decrypting the content of said at least one encrypted portion of the video memory includes means for decrypting a geometric portion of the primary surface, such that pixels outside the geometric portion are not decrypted.

44. The at least one computer-readable medium of claim 40, wherein the cryptographic processor is permanently mounted on the graphics card by one of: (A) adding the cryptographic processor to an existing chip, and (B) adding the cryptographic processor to the graphics card as a separate chip,
such that the physical connection between the cryptographic processor and the rest of the graphics card is inaccessible and not exposed.

45. The at least one computer-readable medium of claim 42, wherein said decrypting means includes means for decrypting said at least one encrypted overlay surface by a decryption mechanism of said GPU communicatively coupled to said cryptographic processing means.

46. The at least one computer-readable medium of claim 42, wherein said decrypting means includes one of: (A) means for decrypting said at least one encrypted overlay surface in transit, by the digital-to-analog converter (DAC) hardware of the graphics system, as the content is output by said outputting means, and (B) means for decrypting said at least one encrypted overlay surface in transit just before the content reaches the DAC hardware of the graphics system.

47. The at least one computer-readable medium of claim 42, wherein said decrypting means includes means for decrypting said at least one encrypted overlay surface, before the content reaches the DAC hardware of the graphics system, by a component that has no back channel to the host system.

48. The at least one computer-readable medium of claim 40, further comprising:
means for said at least one GPU, in communication with said cryptographic processing means, to re-encrypt said content prior to said output by said outputting means; and
means for at least one second cryptographic processing means of an external computing device to decrypt the re-encrypted content.

49. The at least one computer-readable medium of claim 40, wherein the content is transmitted in digital form to an external device having second cryptographic processing means, and said decrypting by said decrypting means is performed on said external device.

50. The at least one computer-readable medium of claim 48, wherein the external computing device is one of (A) a monitor, (B) a set-top box and (C) a digital signal processing (DSP) rendering device.

51. The at least one computer-readable medium of claim 42, wherein said transmitting means includes means for transmitting said secure content to one of: (A) a first encrypted secure overlay for basic rendering of the secure content, (B) a second encrypted protected overlay specifically for presenting sensitive user interfaces, (C) a first encrypted region of the primary surface for basic rendering of the secure content, and (D) a second encrypted region of the primary surface specifically for presenting sensitive user interfaces.

52. The at least one computer-readable medium of claim 40, wherein said decrypting means includes means for computing a cryptographic digest of the decrypted data, the computer-executable modules further comprising:
means for transmitting said cryptographic digest to the application or device, so that it can confirm that the pixels displayed are the pixels it sent with said request made by means of said requesting means.

53. The at least one computer-readable medium of claim 51, wherein the second encrypted protected overlay is always on top and cannot be obscured, and wherein the content of the second encrypted protected overlay is verified by said at least one GPU.

54. The at least one computer-readable medium of claim 51, wherein said decrypting means includes one of: (A) means for decrypting the content of the first encrypted secure overlay with a first stream cipher decryption component, (B) means for decrypting the content of the second encrypted protected overlay with a second stream cipher decryption component, (C) means for decrypting the content of the first encrypted region of the primary surface with the first stream cipher decryption component, and (D) means for decrypting the content of the second encrypted region of the primary surface with the second stream cipher decryption component.

55. The at least one computer-readable medium of claim 54, wherein at least one bit of each pixel in the primary surface is used to determine that pixel's membership in a virtual protected surface, and wherein the graphics card selects the appropriate decryption key for the pixel according to said at least one bit.

56. The at least one computer-readable medium of claim 55, wherein, if said at least one bit holds the value zero, the virtual protected surface associated with said at least one bit is treated as a region that is not to be decrypted.

57. The at least one computer-readable medium of claim 54, the computer-executable modules further comprising means for a pixel selection component of said at least one GPU to select, once decrypted pixel values are available, the pixel values of one of (A) the second encrypted protected overlay, (B) the first encrypted secure overlay and (C) the primary surface.
58. The at least one computer-readable medium of claim 51, wherein said request by said requesting means includes at least one of: (A) source and destination bounding boxes of the at least one encrypted overlay surface, (B) a destination color key of the at least one encrypted overlay surface, (C) for the first encrypted secure overlay, a specification of the encryption key index of the contents of the overlay back buffer to which data is to be flipped, (D) for the second encrypted protected overlay, a specification of the memory location to which at least one of a cyclic redundancy code (CRC), an integrity metric and a digest value of the encrypted overlay content is to be written, (E) source and destination bounding boxes of at least one encrypted primary surface, and (F) a destination color key of said at least one encrypted primary surface.

59. The at least one computer-readable medium of claim 58, wherein, if the application or device is concerned with the integrity of the content, the application or device computes at least one of the CRC, the integrity metric and the digest value.

60. The at least one computer-readable medium of claim 40, wherein at least one command buffer sent with said request by said requesting means to a video decoding unit of the at least one GPU is encrypted by at least one of said application and device, and is decrypted by said video decoding unit, which is in communication with said cryptographic processing means.
61. The at least one computer-readable medium of claim 60, the computer-executable modules further comprising means for performing tamper detection on said at least one command buffer in one of two ways: (A) before the command buffer is consumed, and (B) after the command buffer has been consumed.

62. At least one of an operating system, a coprocessing device, a computing device and a modulated data signal carrying the computer-executable instructions of the computer-executable modules of the at least one computer-readable medium of claim 40.

63. At least one computer-readable medium comprising computer-executable modules that include computer-executable instructions for cryptographically protecting secure content with a trusted graphics system of a computing device, the trusted graphics system having video memory, at least one graphics processing unit (GPU) and cryptographic processing means communicatively coupled to the at least one GPU, the computer-executable modules comprising:
means for an application or device to request that the graphics system perform one of processing and rendering of secure content, wherein said requesting means includes means for the application or device to transmit a session key to the graphics system for verification by the cryptographic processing means, and means for transmitting said secure content to at least one encrypted portion of the video memory;
means for a decryption mechanism of an input unit of said at least one GPU to decrypt the content of said at least one encrypted portion of the video memory, wherein said decryption mechanism is in communication with said cryptographic processing means;
means for said at least one GPU to perform said one of processing and rendering on said decrypted content;
means for encrypting said content with an encryption/decryption mechanism of an output unit of the at least one GPU; and
means for outputting said encrypted content from the at least one GPU.

64. The at least one computer-readable medium of claim 63, wherein said input unit is a texture mapping unit, said output unit is an alpha blending unit, and said at least one encrypted portion of the video memory is an encrypted texture surface.

65. The at least one computer-readable medium of claim 63, wherein said secure content is one of texture data, plaintext and video macroblocks.

66. The at least one computer-readable medium of claim 63, wherein said encrypting means and said decrypting means respectively comprise means for encrypting and means for decrypting with a block cipher.

67. The at least one computer-readable medium of claim 64, wherein said decryption mechanism of the texture mapping unit decrypts on cache line fill, and wherein the encryption/decryption mechanism of the alpha blending unit encrypts before writing.

68. The at least one computer-readable medium of claim 64, further comprising means for the encryption/decryption mechanism of the alpha blending unit to decrypt a cache line when that cache line is read from the color buffer in the video memory.

69. The at least one computer-readable medium of claim 63, further comprising:
means for flipping said encrypted output content from an encrypted back primary surface of said video memory to an encrypted front primary surface of said video memory;
second means for decrypting said encrypted output content by a second decryption mechanism of said at least one GPU in communication with said cryptographic processing means; and
second means for outputting said output content.

70. The at least one computer-readable medium of claim 63, wherein said outputting means includes means for outputting the encrypted content to a secure overlay flipping chain, the computer-executable modules further comprising:
means for flipping said encrypted output content from an encrypted back secure surface to an encrypted front secure surface, whereby said encrypting by said encryption/decryption mechanism includes means for encrypting with a stream cipher; and
second means for decrypting said encrypted output content by a stream cipher decryption mechanism of said at least one GPU in communication with said cryptographic processing means.

71. The at least one computer-readable medium of claim 70, the computer-executable modules further comprising:
means for encoding position into the content before said encrypting by said encrypting means; and
means for decoding position from the content after said decrypting by said second decrypting means,
whereby the position is not obtainable from outside and the integrity of the plaintext-to-ciphertext mapping is preserved.

72. The at least one computer-readable medium of claim 63, wherein, if the output of said outputting means differs from the secure content of said requesting means, adjusted for any processing performed on said secure content by said at least one GPU, the application or device is alerted to the discrepancy.

73. The at least one computer-readable medium of claim 63, the computer-executable modules further comprising:
means for said at least one GPU, in communication with said cryptographic processing means, to re-encrypt said content prior to said output by said outputting means; and
means for at least one second cryptographic processing means of an external computing device to decrypt the re-encrypted content.

74. The at least one computer-readable medium of claim 73, wherein the external computing device is one of (A) a monitor, (B) a set-top box and (C) a digital signal processor (DSP) rendering device.

75. The at least one computer-readable medium of claim 63, wherein encrypted textures and encrypted off-screen surfaces transmitted by the application or device are encoded with a block cipher, the application or device swizzling the block cipher output using a predetermined swizzle format and packed planar formats, the predetermined swizzle format converting (x, y) positions in the content into offsets for at least one of YUV, RGB and YUY2.

76. The at least one computer-readable medium of claim 63, wherein at least one command buffer sent with said request by said requesting means to a video decoding unit of the at least one GPU is encrypted by at least one of said application and device, and is decrypted by said video decoding unit, which is in communication with said cryptographic processing means.

77. The at least one computer-readable medium of claim 63, the computer-executable modules further comprising means for performing tamper detection on said at least one command buffer in one of two ways: (A) before the command buffer is consumed, and (B) after the command buffer has been consumed.

78. At least one of an operating system, a coprocessing device, a computing device and a modulated data signal carrying the computer-executable instructions of the computer-executable modules of the at least one computer-readable medium of claim 63.

79. A computing device comprising means for cryptographically protecting secure content with a trusted graphics system of the computing device, the trusted graphics system having video memory, at least one graphics processing unit (GPU) and cryptographic processing means communicatively coupled to the at least one GPU, the computing device comprising:
means for an application or device to request that the graphics system perform one of processing and rendering of secure content, wherein said requesting means includes means for the application or device to transmit a session key to the graphics system, and means for transmitting said secure content to at least one encrypted portion of the video memory;
means for decrypting the content of said at least one encrypted portion of the video memory by said at least one GPU in communication with said cryptographic processing means;
means for said at least one GPU to perform said one of processing and rendering on said decrypted content; and
means for outputting said content from the at least one GPU.

80. The computing device of claim 79, wherein, if the output of said outputting means differs from the secure content of said requesting means, adjusted for any processing performed on said secure content by said at least one GPU, the application or device is alerted to the discrepancy.

81. The computing device of claim 79, wherein said transmitting means includes means for transmitting said secure content to at least one encrypted overlay surface, the at least one encrypted overlay surface overlapping at least one primary surface of said video memory.

82. The computing device of claim 79, wherein said means for decrypting the content of said at least one encrypted portion of the video memory includes means for decrypting a geometric portion of the primary surface, such that pixels outside the geometric portion are not decrypted.

83. The computing device of claim 79, wherein the cryptographic processor is permanently mounted on the graphics card by one of: (A) adding the cryptographic processor to an existing chip, and (B) adding the cryptographic processor to the graphics card as a separate chip,
such that the physical connection between the cryptographic processor and the rest of the graphics card is inaccessible and not exposed.

84. The computing device of claim 81, wherein said decrypting means includes means for decrypting said at least one encrypted overlay surface by a decryption mechanism of said GPU communicatively coupled to said cryptographic processing means.

85. The computing device of claim 81, wherein said decrypting means includes one of: (A) means for decrypting said at least one encrypted overlay surface in transit, by the digital-to-analog converter (DAC) hardware of the graphics system, as the content is output by said outputting means, and (B) means for decrypting said at least one encrypted overlay surface in transit just before the content reaches the DAC hardware of the graphics system.

86. The computing device of claim 81, wherein said decrypting means includes means for decrypting said at least one encrypted overlay surface, before the content reaches the DAC hardware of the graphics system, by a component that has no back channel to the host system.

87. The computing device of claim 79, further comprising:
means for said at least one GPU, in communication with said cryptographic processing means, to re-encrypt said content prior to said output by said outputting means; and
means for at least one second cryptographic processing means of an external computing device to decrypt the re-encrypted content.

88. The computing device of claim 79, wherein the content is transmitted in digital form to an external device having second cryptographic processing means, and said decrypting by said decrypting means is performed on said external device.

89. The computing device of claim 87, wherein the external computing device is one of (A) a monitor, (B) a set-top box and (C) a digital signal processing (DSP) rendering device.
90、按照权利要求81所述的计算设备,其中所述传送装置包括把所述保密内容传送给下述之一的装置:(A)用于保密内容的基本再现的第一加密保密覆盖图,(B)特别用于呈现敏感用户界面的第二加密受保护覆盖图,(C)用于保密内容的基本再现的主面的第一加密区,(D)主面的特别用于呈现敏感用户界面的第二加密区。90. The computing device of claim 81, wherein said transmitting means includes means for transmitting said secure content to one of: (A) a first encrypted security overlay for a base rendering of the secure content, (B) Second encrypted protected overlay especially for rendering sensitive user interface, (C) First encrypted area of main face for basic reproduction of secure content, (D) Main face for rendering sensitive user The second encrypted area of the interface. 91、按照权利要求79所述的计算设备,其中所述解密装置包括计算解密数据的加密摘要的装置,所述计算设备还包括:91. The computing device of claim 79, wherein said means for decrypting includes means for computing a cryptographic digest of decrypted data, said computing device further comprising: 把所述加密摘要传送给应用程序和设备之一的装置,以便确保显示的象素是与借助所述请求装置,由应用程序和设备之一发出的所述请求相关而发送的象素。Means for transmitting said encrypted digest to one of the application and the device to ensure that the pixels displayed are the pixels sent in connection with said request issued by the one of the application and the device by means of said requesting means. 92、按照权利要求90所述的计算设备,其中第二加密受保护覆盖图总是在前面,并且不可遮蔽,其中第二加密受保护覆盖图的内容由所述至少一个GPU核实。92. The computing device of claim 90, wherein a second cryptographically protected overlay is always in front and cannot be masked, wherein the content of the second cryptographically protected overlay is verified by the at least one GPU. 93、按照权利要求90所述的计算设备,其中所述解密装置包括下述之一:(A)利用第一流密码解密组件对第一加密保密覆盖图的内容解密的装置,(B)利用第二流密码解密组件对第二加密受保护覆盖图的内容解密的装置,(C)利用第一流密码解密组件对主面的第一加密区的内容解密的装置,和(D)利用第二流密码解密组件对主面的第二加密区的内容解密的装置。93. 
The computing device of claim 90, wherein said means for decrypting comprises one of: (A) means for decrypting the contents of the first encrypted security overlay using the first stream cipher decryption component, (B) means for decrypting the contents of the first encrypted security overlay using the first stream cipher decryption component, means for decrypting the content of the second encrypted protected overlay by means of a second-stream cipher decryption component, (C) means for decrypting the content of the first encrypted area of the master surface by means of the first-stream cipher decryption component, and (D) by means of the second stream The password decryption component is a device for decrypting the content of the second encryption area on the main surface. 94、按照权利要求93所述的计算设备,其中主面中每个象素的至少一位被用于确定该象素的虚拟受保护面中的隶属关系,其中图形卡根据所述至少一位,选择该象素的恰当解密密钥。94. The computing device of claim 93, wherein at least one bit of each pixel in the primary plane is used to determine the pixel's membership in the virtual protected plane, wherein the graphics card , choose the appropriate decryption key for that pixel. 95、按照权利要求94所述的计算设备,其中如果所述至少一位包含零值,则与所述至少一位相关的虚拟受保护面被认为是不要解密的区域。95. The computing device of claim 94, wherein a virtual protected plane associated with said at least one bit is considered an area not to be decrypted if said at least one bit contains a value of zero. 96、按照权利要求93所述的计算设备,还包括一旦解密象素值可用,则由所述至少一个GPU的象素选择组件选择(A)第二加密受保护覆盖图,(B)第一加密保密覆盖图和(3)主面之一的象素值的装置。96. The computing device of claim 93, further comprising selecting, by a pixel selection component of said at least one GPU, (A) a second encrypted protected overlay, (B) a first encrypted pixel value once a decrypted pixel value is available. Means for encrypting the pixel values of the secure overlay and (3) one of the main faces. 
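The per-pixel key selection of claims 93 to 96, where a bit in each primary-surface pixel names the virtual protected surface the pixel belongs to, the card picks the matching stream-cipher key, and a zero index means the pixel passes through undecrypted, as a runnable simulation. This is an added example, not code from the patent or from Microsoft. The pixel layout (24-bit colour plus a 2-bit key index), the surface identifier, the constructed session keys and pixel values are all assumptions made for the example, and HMAC-SHA256 keyed by pixel position stands in for the stream-cipher keystream.

```python
import hashlib
import hmac

# Assumed pixel layout for this simulation (not taken from the patent):
# bits 0..23 hold the RGB colour, bits 24..25 hold a two-bit key index that
# plays the role of the membership bit(s) of claim 94. Index 0 means "not
# protected, do not decrypt" (claim 95); index 1 selects the key of the first
# (content) overlay, index 2 the key of the second (sensitive UI) overlay.
COLOUR_MASK = 0x00FFFFFF
KEY_SHIFT = 24
KEY_MASK = 0x3

# Constructed session keys, one per protected overlay (not real keys).
KEYS = {1: hashlib.sha256(b"content overlay session key").digest(),
        2: hashlib.sha256(b"sensitive UI overlay session key").digest()}


def keystream(key: bytes, surface_id: int, x: int, y: int) -> int:
    """24-bit keystream word for one pixel, bound to (surface, x, y).

    HMAC-SHA256 stands in for the stream cipher so the example runs with the
    standard library only; it is not the cipher of the patent. Binding the
    keystream to the pixel position means a ciphertext pixel copied to another
    position decrypts to garbage there.
    """
    msg = b"%d,%d,%d" % (surface_id, x, y)
    return int.from_bytes(hmac.new(key, msg, hashlib.sha256).digest()[:3], "big")


def encrypt_surface(pixels, key_index, keys, surface_id):
    """Application side: build the surface that is written to video memory.

    pixels and key_index are equally shaped lists of rows; keys maps a non-zero
    key index to the session key negotiated for that overlay.
    """
    out = []
    for y, row in enumerate(pixels):
        orow = []
        for x, colour in enumerate(row):
            idx = key_index[y][x]
            word = colour & COLOUR_MASK
            if idx:
                word ^= keystream(keys[idx], surface_id, x, y)
            orow.append(word | (idx << KEY_SHIFT))
        out.append(orow)
    return out


def scan_out(surface, keys, surface_id):
    """Graphics-card side, in transit to the DAC: read each pixel's key index,
    pick the matching key and decrypt; index-0 pixels pass through unchanged."""
    out = []
    for y, row in enumerate(surface):
        orow = []
        for x, word in enumerate(row):
            idx = (word >> KEY_SHIFT) & KEY_MASK
            colour = word & COLOUR_MASK
            if idx:
                colour ^= keystream(keys[idx], surface_id, x, y)
            orow.append(colour)
        out.append(orow)
    return out


def relocated_pixel_recovers(surface, keys, surface_id, src, dst):
    """Attack model: copy one encrypted word from src to dst inside the
    surface and check whether scan-out at dst reveals the src plaintext."""
    (sx, sy), (dx, dy) = src, dst
    moved = [row[:] for row in surface]
    moved[dy][dx] = surface[sy][sx]
    original = scan_out(surface, keys, surface_id)[sy][sx]
    return scan_out(moved, keys, surface_id)[dy][dx] == original


def demo():
    """Constructed 2x4 primary surface: column 0 is ordinary desktop, the
    index-1 pixels are protected video, the index-2 pixels are protected UI."""
    pixels = [[0x112233, 0x445566, 0x778899, 0xAABBCC],
              [0xFF0000, 0x00FF00, 0x0000FF, 0xFFFFFF]]
    key_index = [[0, 1, 1, 2],
                 [0, 1, 2, 2]]
    surface = encrypt_surface(pixels, key_index, KEYS, surface_id=7)
    shown = scan_out(surface, KEYS, surface_id=7)
    return pixels, surface, shown


if __name__ == "__main__":
    pixels, surface, shown = demo()
    print("round trip ok:", shown == pixels)
    print("unprotected pixel stored in clear:", hex(surface[0][0]))
    print("relocated ciphertext recovers plaintext:",
          relocated_pixel_recovers(surface, KEYS, 7, (1, 0), (2, 0)))
```

One caveat the model makes visible: the key-index bits themselves are not integrity-protected. A host-side attacker who can write video memory can clear an index (the card then scans out ciphertext) or change 1 to 2 (the card decrypts under the wrong key), but both only yield garbage on screen; it is the digest returned to the application (claim 91) and the GPU-side verification of the UI overlay (claim 92) that catch such substitution rather than the per-pixel keying.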
97. The computing device of claim 90, wherein the request of said requesting means includes at least one of: (A) source and destination bounding boxes of said at least one encrypted overlay, (B) a destination color key for said at least one encrypted overlay, (C) for the first encrypted secure overlay, a specification of the encryption key index for the contents of the overlay back buffer to which data is to be flipped, (D) for the second encrypted protected overlay, a specification of a memory location to which at least one of a cyclic redundancy code (CRC), an integrity metric and a digest value of the encrypted overlay contents is to be written, (E) source and destination bounding boxes of at least one encrypted primary surface, and (F) a destination color key for said at least one encrypted primary surface.

98. The computing device of claim 97, wherein, if said one of the application and device is concerned with the integrity of the content, said one of the application and device computes at least one of the CRC, the integrity metric and the digest value.

99. The computing device of claim 79, wherein at least one command buffer sent to the video decoding means of the at least one GPU together with the request of said requesting means is encrypted by at least one of said application and device, and is decrypted by said video decoding means in communication with said encryption processing means.

100. The computing device of claim 99, further comprising means for tamper detection of said at least one command buffer by one of two approaches: (A) before the command buffer is consumed, and (B) after the command buffer has been consumed.

101. A computing device comprising computer-executable modules that include computer-executable instructions for cryptographically protecting secure content together with a trusted graphics system of the computing device, the trusted graphics system having video memory, at least one graphics processing unit (GPU) and encryption processing means communicatively coupled to the at least one GPU, the computing device comprising:
means, used by one of an application and a device, for requesting that the graphics system perform one of processing and rendering of the secure content, wherein said requesting means comprises means, used by said one of the application and device, for transmitting a session key to the graphics system for verification by the encryption processing means, and for transmitting said secure content to at least one encrypted portion of the video memory;
means for decrypting the contents of said at least one encrypted portion of the video memory by a decryption mechanism of an input unit of said at least one GPU, wherein said decryption mechanism is in communication with said encryption processing means;
means for performing, by said at least one GPU, said one of processing and rendering on the decrypted content;
means for encrypting said content with an encryption/decryption mechanism of an output unit of the at least one GPU; and
means for outputting the encrypted content from the at least one GPU.

102. The computing device of claim 101, wherein said input unit is a texture mapping unit, said output unit is an alpha blending unit, and said at least one encrypted portion of the video memory is an encrypted texture surface.

103. The computing device of claim 101, wherein said secure content is one of texture data, plaintext data and video macroblocks.

104. The computing device of claim 101, wherein said encrypting means and said decrypting means comprise, respectively, encrypting means and decrypting means that use a block cipher.

105. The computing device of claim 102, wherein said decryption mechanism of the texture mapping unit decrypts on cache-line fill, and the encryption/decryption mechanism of the alpha blending unit encrypts before writing.

106. The computing device of claim 102, further comprising means for decrypting, by the encryption/decryption mechanism of the alpha blending unit, when a cache line is read from a color buffer in the video memory.

107. The computing device of claim 101, further comprising:
means for flipping the encrypted output content from an encrypted back primary surface of said video memory to an encrypted front primary surface of said video memory;
second means for decrypting the encrypted output content by a second decryption mechanism of said at least one GPU in communication with said encryption processing means; and
second means for outputting the output content.

108. The computing device of claim 101, wherein said outputting means comprises means for outputting the encrypted content to a secure overlay flip chain, the computer-executable modules further comprising:
means for flipping the encrypted output content from an encrypted back secure surface to an encrypted front secure surface, whereby said encryption by said encryption/decryption mechanism comprises encrypting means using stream cipher encryption; and
second means for decrypting the encrypted output content by a stream cipher decryption mechanism of said at least one GPU in communication with said encryption processing means.

109. The computing device of claim 108, further comprising:
means for encoding position within the content before said encryption by said encrypting means; and
means for decoding position within the content after said decryption by said second decrypting means,
so that the position cannot be obtained from outside and the integrity of the plaintext-to-ciphertext mapping is preserved.

110. The computing device of claim 101, wherein, if the output of said outputting means differs from the secure content of said requesting means, adjusted for any processing performed on the secure content by said at least one GPU, said one of the application and device is alerted to the difference.

111. The computing device of claim 101, the computer-executable modules further comprising:
means for re-encrypting said content by said at least one GPU, in communication with said encryption processing means, before said output by said outputting means; and
means for decrypting the re-encrypted content by at least one second encryption processing means of an external computing device.

112. The computing device of claim 111, wherein said external computing device is one of (A) a monitor, (B) a set-top box and (C) a digital signal processor (DSP) rendering device.

113. The computing device of claim 101, wherein encrypted textures and encrypted off-screen surfaces transmitted by said one of the application and device are encoded using a block cipher, and said one of the application and device swizzles the block cipher using a predetermined swizzle format that converts (x, y) positions in the content to offsets in at least one of YUV, RGB, YUY2 and a compressed planar format.

114. The computing device of claim 101, wherein at least one command buffer sent to the video decoding means of the at least one GPU together with the request of said requesting means is encrypted by at least one of said application and device, and is decrypted by said video decoding means in communication with said encryption processing means.

115. The computing device of claim 101, the computer-executable modules further comprising means for tamper detection of said at least one command buffer by one of two approaches: (A) before the command buffer is consumed, and (B) after the command buffer has been consumed.
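Command-buffer tamper detection before and after consumption (claims 77, 100 and 115), together with the displayed-pixel digest check of claims 91, 97 and 98, as an added simulation that is not the patent's or Microsoft's code. The two-opcode command format, HMAC-SHA256 as the integrity metric, the constructed session key and the command list are assumptions made for this example; the patent does not define a command encoding.

```python
import hashlib
import hmac
import struct

# Constructed two-opcode command set for the simulation (not the patent's).
# Each command is a 1-byte opcode followed by a 4-byte big-endian argument.
OP_SET_DEST_BOX = 1   # argument: packed destination bounding box
OP_FLIP = 2           # argument: key index of the back buffer being flipped in
CMD = struct.Struct(">BI")

# Constructed session key and request; real keys come from the session set-up.
SESSION_KEY = hashlib.sha256(b"constructed session key").digest()
COMMANDS = [(OP_SET_DEST_BOX, 0x00100020), (OP_FLIP, 1)]


def pack_commands(commands):
    """Serialize (opcode, argument) pairs into a flat command buffer."""
    return b"".join(CMD.pack(op, arg) for op, arg in commands)


def tag(session_key: bytes, data: bytes) -> bytes:
    """HMAC-SHA256 under the session key; stands in for whatever integrity
    metric (CRC, digest) the application and encryption processor agree on."""
    return hmac.new(session_key, data, hashlib.sha256).digest()


def gpu_consume(session_key, buf, expected_tag, check):
    """Graphics side. check == "before": verify the tag first and refuse a
    buffer that fails, so a tampered buffer is never executed. check ==
    "after": execute first, then report whether the tag matches the bytes
    that were actually consumed. Returns (executed_commands, tamper_detected)."""
    if check == "before" and not hmac.compare_digest(expected_tag, tag(session_key, buf)):
        return [], True
    executed, consumed = [], bytearray()
    for off in range(0, len(buf), CMD.size):
        chunk = buf[off:off + CMD.size]
        executed.append(CMD.unpack(chunk))   # "execute": record the command
        consumed += chunk
    if check == "after":
        return executed, not hmac.compare_digest(expected_tag, tag(session_key, bytes(consumed)))
    return executed, False


def run_request(session_key, commands, check, tamper=False):
    """The application builds and tags the buffer; a host-side attacker may
    rewrite it in memory before the GPU reads it; the GPU then consumes it."""
    buf = pack_commands(commands)
    expected = tag(session_key, buf)
    if tamper:
        # Attacker redirects the first command's destination bounding box,
        # e.g. to land the protected region somewhere readable.
        buf = CMD.pack(OP_SET_DEST_BOX, 0xDEADBEEF) + buf[CMD.size:]
    executed, detected = gpu_consume(session_key, buf, expected, check)
    return {"executed": bool(executed), "detected": detected}


def displayed_pixels_match(sent_pixels, decrypted_pixels):
    """Claim 91 style check: the GPU returns a digest of the decrypted pixel
    values it displayed and the application compares it with a digest of what
    it sent (identity processing assumed, so no adjustment is applied)."""
    def digest(pixels):
        raw = b"".join(struct.pack(">I", p) for row in pixels for p in row)
        return hashlib.sha256(raw).digest()
    return hmac.compare_digest(digest(sent_pixels), digest(decrypted_pixels))


if __name__ == "__main__":
    for check in ("before", "after"):
        print(check, "clean:   ", run_request(SESSION_KEY, COMMANDS, check))
        print(check, "tampered:", run_request(SESSION_KEY, COMMANDS, check, tamper=True))
```

The two approaches are not equivalent from a defender's point of view: verification before consumption stops a tampered buffer from ever executing, whereas verification after consumption only reports that something executed that should not have, by which time a redirected blit or flip has already happened. Where the latency of checking a buffer up front is acceptable, it is the approach to prefer; the after-consumption path is mainly useful for hardware that streams commands and cannot hold a whole buffer back.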
CN02802594A 2001-12-04 2002-12-03 Method and system for protecting secure content using a password Expired - Fee Related CN100595736C (en)

Applications Claiming Priority (7)

Application Number Priority Date Filing Date Title
US33761701P 2001-12-04 2001-12-04
US60/337,617 2001-12-04
US33914301P 2001-12-10 2001-12-10
US60/339,143 2001-12-10
US10/124,922 2002-04-18
US10/124,922 US7203310B2 (en) 2001-12-04 2002-04-18 Methods and systems for cryptographically protecting secure content
PCT/US2002/038827 WO2003048939A1 (en) 2001-12-04 2002-12-03 Methods and systems for cryptographically protecting secure content

Related Child Applications (1)

Application Number Title Priority Date Filing Date
CN2006101365893A Division CN101008967B (en) 2001-12-04 2002-12-03 Methods and systems for cryptographically protecting secure content

Publications (2)

Publication Number Publication Date
CN1650268A true CN1650268A (en) 2005-08-03
CN100595736C CN100595736C (en) 2010-03-24

Family

ID=27383184

Family Applications (2)

Application Number Title Priority Date Filing Date
CN02802594A Expired - Fee Related CN100595736C (en) 2001-12-04 2002-12-03 Method and system for protecting secure content using a password
CN2006101365893A Expired - Fee Related CN101008967B (en) 2001-12-04 2002-12-03 Methods and systems for cryptographically protecting secure content

Family Applications After (1)

Application Number Title Priority Date Filing Date
CN2006101365893A Expired - Fee Related CN101008967B (en) 2001-12-04 2002-12-03 Methods and systems for cryptographically protecting secure content

Country Status (12)

Country Link
US (1) US7203310B2 (en)
EP (1) EP1343321B1 (en)
JP (1) JP4522645B2 (en)
CN (2) CN100595736C (en)
AR (1) AR037628A1 (en)
AT (1) ATE420533T1 (en)
AU (1) AU2002359611A1 (en)
CA (1) CA2434328C (en)
DE (1) DE60230716D1 (en)
MX (1) MXPA03002376A (en)
TW (1) TWI269169B (en)
WO (1) WO2003048939A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102385760A (en) * 2010-08-27 2012-03-21 国际商业机器公司 Method and system used for protecting model data
CN109589608A (en) * 2018-12-19 2019-04-09 网易(杭州)网络有限公司 The method and apparatus for protecting game data

Families Citing this family (92)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6966837B1 (en) 2001-05-10 2005-11-22 Best Robert M Linked portable and video game systems
GB2379299B (en) * 2001-09-04 2006-02-08 Imagination Tech Ltd A texturing system
US20060075507A1 (en) * 2001-09-06 2006-04-06 Sonic Solutions Secure protocols for use with microsoft directshow filters
US7840803B2 (en) 2002-04-16 2010-11-23 Massachusetts Institute Of Technology Authentication of integrated circuits
GB0212308D0 (en) * 2002-05-28 2002-07-10 Symbian Ltd Trusted user interface for a secure mobile wireless device
US20030226029A1 (en) * 2002-05-29 2003-12-04 Porter Allen J.C. System for protecting security registers and method thereof
CN1679050A (en) * 2002-08-28 2005-10-05 皇家飞利浦电子股份有限公司 Method and arrangement for watermark detection
JP2004133087A (en) * 2002-10-09 2004-04-30 Sony Corp Block cipher method and block cipher circuit
US8131649B2 (en) 2003-02-07 2012-03-06 Igware, Inc. Static-or-dynamic and limited-or-unlimited content rights
US20100017627A1 (en) 2003-02-07 2010-01-21 Broadon Communications Corp. Ensuring authenticity in a closed content distribution system
US7370319B2 (en) * 2003-02-11 2008-05-06 V.I. Laboratories, Inc. System and method for regulating execution of computer software
US8225290B2 (en) * 2003-02-11 2012-07-17 V. i. Laboratories, Inc. Systems and methods for regulating execution of computer software
US20040264927A1 (en) * 2003-06-30 2004-12-30 Microsoft Corporation Modular architecture to unify the playback of DVD technologies
US7949132B2 (en) 2003-07-01 2011-05-24 Microsoft Corporation Modular architecture to unify the playback of DVD technologies
WO2005003939A1 (en) * 2003-07-04 2005-01-13 Koninklijke Philips Electronics N.V. Device for running copy-protected software
US7703141B2 (en) 2004-03-11 2010-04-20 Microsoft Corporation Methods and systems for protecting media content
JP4698982B2 (en) * 2004-04-06 2011-06-08 株式会社日立製作所 Storage system that performs cryptographic processing
US20060242406A1 (en) * 2005-04-22 2006-10-26 Microsoft Corporation Protected computing environment
US9264265B1 (en) * 2004-09-30 2016-02-16 Nvidia Corporation System and method of generating white noise for use in graphics and image processing
WO2006047851A1 (en) * 2004-11-02 2006-05-11 Nortel Networks Limited Systems and methods for use with orthogonal frequency division multiplexing
US7564345B2 (en) * 2004-11-12 2009-07-21 Verayo, Inc. Volatile device keys and applications thereof
US20060184785A1 (en) * 2005-02-16 2006-08-17 David Carroll Challener Apparatus, system, and method for securing I/O communications between a blade and a peripheral interface device of a blade-based computer system
US9436804B2 (en) 2005-04-22 2016-09-06 Microsoft Technology Licensing, Llc Establishing a unique session key using a hardware functionality scan
US9363481B2 (en) * 2005-04-22 2016-06-07 Microsoft Technology Licensing, Llc Protected media pipeline
US8249140B2 (en) 2005-12-30 2012-08-21 Intel Corporation Direct macroblock mode techniques for high performance hardware motion compensation
ATE504884T1 (en) 2006-01-24 2011-04-15 Verayo Inc SIGNAL GENERATOR BASED DEVICE SAFETY
US7916864B2 (en) * 2006-02-08 2011-03-29 Nvidia Corporation Graphics processing unit used for cryptographic processing
US7746350B1 (en) * 2006-06-15 2010-06-29 Nvidia Corporation Cryptographic computations on general purpose graphics processing units
US7890747B2 (en) * 2006-07-06 2011-02-15 Accenture Global Services Limited Display of decrypted data by a graphics processing unit
US20080097971A1 (en) * 2006-10-18 2008-04-24 Telcordia Applied Research Center Taiwan Company Peer-to-peer based secondary key search method and system for cluster database
CN101632084B (en) 2007-03-13 2012-05-02 Nxp股份有限公司 Encryption and decryption of data sets of at least two dimensions
US8538015B2 (en) 2007-03-28 2013-09-17 Intel Corporation Flexible architecture and instruction for advanced encryption standard (AES)
US20080263366A1 (en) * 2007-04-19 2008-10-23 Microsoft Corporation Self-verifying software to prevent reverse engineering and piracy
US8594322B2 (en) * 2007-07-10 2013-11-26 Stmicroelectronics S.R.L. Encoding/decoding apparatus
US8924309B2 (en) 2007-08-08 2014-12-30 Imation Corp. Method of providing assured transactions by watermarked file display verification
US20090067629A1 (en) * 2007-09-06 2009-03-12 Paltronics, Inc. Table-based encryption/decryption techniques for gaming networks, and gaming networks incorporating the same
US8924731B2 (en) 2007-09-11 2014-12-30 Lg Electronics Inc. Secure signing method, secure authentication method and IPTV system
US8782396B2 (en) * 2007-09-19 2014-07-15 Verayo, Inc. Authentication with physical unclonable functions
US20090079746A1 (en) 2007-09-20 2009-03-26 Apple Inc. Switching between graphics sources to facilitate power management and/or security
US9083746B2 (en) 2007-10-19 2015-07-14 Imation Corp. Method of providing assured transactions using secure transaction appliance and watermark verification
JP5266330B2 (en) * 2007-11-01 2013-08-21 エルジー エレクトロニクス インコーポレイティド Data processing method and IPTV receiving device
US9307179B1 (en) * 2007-11-13 2016-04-05 Nvidia Corporation Method and system for protecting content in graphics memory
US8478959B1 (en) 2007-11-13 2013-07-02 Nvidia Corporation Method and system for protecting content in graphics memory
US9069990B2 (en) * 2007-11-28 2015-06-30 Nvidia Corporation Secure information storage system and method
JP5052367B2 (en) * 2008-02-20 2012-10-17 株式会社リコー Image processing apparatus, authentication package installation method, authentication package installation program, and recording medium
US8646052B2 (en) * 2008-03-31 2014-02-04 Intel Corporation Method and apparatus for providing a secure display window inside the primary display
US8156565B2 (en) * 2008-04-28 2012-04-10 Microsoft Corporation Hardware-based protection of secure data
US8393008B2 (en) * 2008-05-21 2013-03-05 Microsoft Corporation Hardware-based output protection of multiple video streams
US9817680B1 (en) 2008-08-04 2017-11-14 Open Invention Network, Llc Application configuration tool
US8736626B2 (en) 2008-08-26 2014-05-27 Matrox Graphics Inc. Method and system for cryptographically securing a graphics system
US9240927B2 (en) 2009-02-26 2016-01-19 Qualcomm Incorporated Methods and apparatus for enhanced overlay state maintenance
US8521821B2 (en) * 2009-03-17 2013-08-27 Brigham Young University Encrypted email based upon trusted overlays
TW201040678A (en) * 2009-05-13 2010-11-16 Acrosser Technology Co Ltd Multi-point universal encryption transmission interface apparatus
JP5018919B2 (en) * 2010-03-19 2012-09-05 コニカミノルタビジネステクノロジーズ株式会社 Information processing apparatus, content management method, and content management program
US8886935B2 (en) * 2010-04-30 2014-11-11 Kabushiki Kaisha Toshiba Key management device, system and method having a rekey mechanism
FR2971599B1 (en) * 2011-02-11 2013-03-15 Jean Luc Leleu SECURE TRANSACTION METHOD FROM UNSECURED TERMINAL
US8560453B2 (en) * 2011-06-30 2013-10-15 Intel Corporation Method and apparatus for dynamic, real-time ad insertion based on meta-data within a hardware based root of trust
CN102238360B (en) * 2011-07-15 2013-11-13 深圳市环球数码科技有限公司 Method and equipment for preventing pirated videos
WO2013081596A1 (en) * 2011-11-30 2013-06-06 Intel Corporation Efficient implementation of rsa using gpu/cpu architecture
GB2511668A (en) * 2012-04-12 2014-09-10 Supercell Oy System and method for controlling technical processes
US20140012704A1 (en) 2012-07-05 2014-01-09 Google Inc. Selecting a preferred payment instrument based on a merchant category
US20140090033A1 (en) * 2012-09-21 2014-03-27 Amazon Technologies, Inc. Context Aware Content Distribution
US9092767B1 (en) * 2013-03-04 2015-07-28 Google Inc. Selecting a preferred payment instrument
US9111123B2 (en) 2013-06-28 2015-08-18 International Business Machines Corporation Firmware for protecting data from software threats
US9507961B2 (en) * 2013-07-01 2016-11-29 Qualcomm Incorporated System and method for providing secure access control to a graphics processing unit
US9501668B2 (en) * 2013-09-25 2016-11-22 Intel Corporation Secure video ouput path
EP3090430A4 (en) * 2013-12-30 2017-08-09 Empire Technology Development LLC Information rendering scheme
EP2891997A1 (en) * 2014-01-06 2015-07-08 Fujitsu Limited Methods and apparatus for including a confidential structural component in a third party remote product simulation
US9858572B2 (en) 2014-02-06 2018-01-02 Google Llc Dynamic alteration of track data
US9318221B2 (en) 2014-04-03 2016-04-19 Winbound Electronics Corporation Memory device with secure test mode
KR102218202B1 (en) 2014-08-01 2021-02-23 삼성전자주식회사 Semiconductor device
US11393051B2 (en) * 2016-06-10 2022-07-19 Gilbarco Inc. Fuel dispenser utilizing tokenized user guidance and prompting for secure payment
US11443072B2 (en) * 2018-06-29 2022-09-13 Microsoft Technology Licensing, Llc Peripheral device with resource isolation
US11126757B2 (en) 2018-10-19 2021-09-21 Microsoft Technology Licensing, Llc Peripheral device
WO2020140259A1 (en) * 2019-01-04 2020-07-09 Baidu.Com Times Technology (Beijing) Co., Ltd. Method and system for key distribution and exchange for data processing accelerators
CN112236772B (en) 2019-01-04 2023-12-22 百度时代网络技术(北京)有限公司 Method and system for managing memory of data processing accelerator
EP3794772B1 (en) 2019-01-04 2024-08-07 Baidu.com Times Technology (Beijing) Co., Ltd. Data processing accelerator having security unit to provide root trust services
EP3695587B1 (en) 2019-01-04 2022-05-04 Baidu.com Times Technology (Beijing) Co., Ltd. Providing secure communications between a host system and a data processing accelerator
WO2020140257A1 (en) 2019-01-04 2020-07-09 Baidu.Com Times Technology (Beijing) Co., Ltd. Method and system for validating kernel objects to be executed by a data processing accelerator of a host system
US11281251B2 (en) 2019-01-04 2022-03-22 Baidu Usa Llc Data processing accelerator having a local time unit to generate timestamps
US11233652B2 (en) 2019-01-04 2022-01-25 Baidu Usa Llc Method and system to derive a session key to secure an information exchange channel between a host system and a data processing accelerator
US11409534B2 (en) 2019-01-04 2022-08-09 Baidu Usa Llc Attestation protocol between a host system and a data processing accelerator
WO2020140261A1 (en) 2019-01-04 2020-07-09 Baidu.Com Times Technology (Beijing) Co., Ltd. Method and system for protecting data processed by data processing accelerators
US11616651B2 (en) * 2019-01-04 2023-03-28 Baidu Usa Llc Method for establishing a secure information exchange channel between a host system and a data processing accelerator
JP7300845B2 (en) 2019-02-15 2023-06-30 三菱重工業株式会社 Control device, industrial control system, and encryption key life extension method
US11188659B2 (en) * 2019-09-11 2021-11-30 International Business Machines Corporation Concurrent enablement of encryption on an operational path at a host port
US11354455B2 (en) 2019-09-11 2022-06-07 International Business Machines Corporation Maintenance of access for security enablement on a host system
US11308243B2 (en) 2019-09-11 2022-04-19 International Business Machines Corporation Maintenance of access for security enablement in a storage device
US11496314B2 (en) * 2019-12-18 2022-11-08 Intel Corporation Integrity protected command buffer execution
CN114124364B (en) * 2020-08-27 2024-05-24 国民技术股份有限公司 Key security processing method, device, equipment and computer readable storage medium
CN113127034B (en) * 2021-04-09 2024-02-09 山东英信计算机技术有限公司 BMC-based board card updating method, system, equipment and medium
FR3129747B1 (en) 2021-11-29 2024-09-06 Commissariat Energie Atomique DISPLAY DEVICE WITH LOCAL DECRYPTION OF DIGITAL DATA

Family Cites Families (23)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5175830A (en) * 1989-06-16 1992-12-29 International Business Machines Corporation Method for executing overlays in an expanded memory data processing system
EP0410777B1 (en) 1989-07-28 1996-11-06 Texas Instruments Incorporated Video graphics display memory swizzle logic circuit and method
EP0610581A3 (en) * 1993-01-29 1994-12-28 Ibm Visualization tool for graphically displaying trace data produced by a parallel processing computer.
US6101276A (en) * 1996-06-21 2000-08-08 Compaq Computer Corporation Method and apparatus for performing two pass quality video compression through pipelining and buffer management
US5825879A (en) * 1996-09-30 1998-10-20 Intel Corporation System and method for copy-protecting distributed video content
US5920861A (en) 1997-02-25 1999-07-06 Intertrust Technologies Corp. Techniques for defining using and manipulating rights management data structures
US5898779A (en) * 1997-04-14 1999-04-27 Eastman Kodak Company Photograhic system with selected area image authentication
US6167136A (en) * 1997-05-16 2000-12-26 Software Security, Inc. Method for preventing copying of digital video disks
JP4273535B2 (en) * 1998-05-12 2009-06-03 ソニー株式会社 Data transmission control method, data transmission system, data receiving apparatus and data transmitting apparatus
US6330624B1 (en) 1999-02-09 2001-12-11 International Business Machines Corporation Access limiting to only a planar by storing a device public key only within the planar and a planar public key only within the device
JP2000279637A (en) 1999-03-30 2000-10-10 Square Co Ltd Game device, game display control method, and computer-readable record medium
US6289455B1 (en) 1999-09-02 2001-09-11 Cryptography Research, Inc. Method and apparatus for preventing piracy of digital content
JP2001103280A (en) * 1999-09-30 2001-04-13 Canon Inc Information processing method and apparatus
US6449719B1 (en) * 1999-11-09 2002-09-10 Widevine Technologies, Inc. Process and streaming server for encrypting a data stream
US6704868B1 (en) * 1999-11-12 2004-03-09 International Business Machines Corporation Method for associating a pass phrase with a secured public/private key pair
US7106906B2 (en) 2000-03-06 2006-09-12 Canon Kabushiki Kaisha Moving image generation apparatus, moving image playback apparatus, their control method, and storage medium
JP2001333425A (en) * 2000-05-18 2001-11-30 Canon Inc Moving image output device, moving image reproducing device, portable terminal, control method thereof, and storage medium
US20030079222A1 (en) * 2000-10-06 2003-04-24 Boykin Patrick Oscar System and method for distributing perceptually encrypted encoded files of music and movies
US6957340B1 (en) * 2000-11-28 2005-10-18 Xilinx, Inc. Encryption key for multi-key encryption in programmable logic device
US7184546B2 (en) 2001-02-13 2007-02-27 Arkion S.L. Method based on an algorithm capable of being graphically implemented to be used for the generation of filtering of data sequences and cryptographic applications
US20020150248A1 (en) * 2001-03-06 2002-10-17 Kovacevic Branko D. System for digital stream reception via memory buffer and method thereof
US7218739B2 (en) 2001-03-09 2007-05-15 Microsoft Corporation Multiple user authentication for online console-based gaming
US7055038B2 (en) 2001-05-07 2006-05-30 Ati International Srl Method and apparatus for maintaining secure and nonsecure data in a shared memory system

Cited By (2)

Publication number Priority date Publication date Assignee Title
CN102385760A (en) * 2010-08-27 2012-03-21 国际商业机器公司 Method and system used for protecting model data
CN109589608A (en) * 2018-12-19 2019-04-09 网易(杭州)网络有限公司 The method and apparatus for protecting game data

Also Published As

Publication number Publication date
EP1343321B1 (en) 2009-01-07
ATE420533T1 (en) 2009-01-15
US20030140241A1 (en) 2003-07-24
JP4522645B2 (en) 2010-08-11
MXPA03002376A (en) 2003-07-28
AR037628A1 (en) 2004-11-17
TWI269169B (en) 2006-12-21
JP2003284024A (en) 2003-10-03
WO2003048939A1 (en) 2003-06-12
AU2002359611A1 (en) 2003-06-17
CA2434328A1 (en) 2003-06-12
CN101008967A (en) 2007-08-01
US7203310B2 (en) 2007-04-10
CA2434328C (en) 2011-04-19
EP1343321A1 (en) 2003-09-10
CN100595736C (en) 2010-03-24
TW200301857A (en) 2003-07-16
DE60230716D1 (en) 2009-02-26
CN101008967B (en) 2012-08-29

Similar Documents

Publication Publication Date Title
CN1650268A (en) Method and system for password protecting confidential content
CN1474281A (en) Method and system for identifying module in figure system
CN100350395C (en) System and method for protecting video card output
US7206940B2 (en) Methods and systems providing per pixel security and functionality
US9665740B1 (en) Method and system for cryptographically securing a graphics system
TW583614B (en) Copyright protection system and method thereof
US20060234797A1 (en) Hard drive authentication
CN1901067A (en) Copyright protection system, recording device and decryption device
CN1441590A (en) Hard disc module
US20070169068A1 (en) Function calling method for computer system, computer system, and library
CN1921387A (en) Authentication method and authentication apparatus
US8452986B2 (en) Security unit and protection system comprising such security unit as well as method for protecting data
RU2308077C2 (en) Methods and systems for cryptographic protection of protected content
HK1058409A (en) Methods and systems for authentication of components in a graphic system
TWI474704B (en) A scorm-compliant digital rights management system and random encryption method thereof
JP2006246541A (en) Digital information management device
JP2007199155A (en) Image forming system

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
ASS Succession or assignment of patent right

Owner name: MICROSOFT TECHNOLOGY LICENSING LLC

Free format text: FORMER OWNER: MICROSOFT CORP.

Effective date: 20150507

C41 Transfer of patent application or patent right or utility model
TR01 Transfer of patent right

Effective date of registration: 20150507

Address after: Washington State

Patentee after: Micro soft technique license Co., Ltd

Address before: Washington State

Patentee before: Microsoft Corp.

CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20100324

Termination date: 20191203